LEARN HOW TO REDUCE THE TOP RISK TO YOUR CORPORATE AVIATION DATA

Jeff Wood, Aviation Manager

By JEFF WOOD

Employees may be the Greatest Risk to Your Data

According to research conducted by Arlington Research, based on a survey of 1,022 respondents in the U.S. in May 2016, a company’s own employees may in fact be the greatest risk to corporate aviation data security. 

We know this isn’t a surprise and we also know that our employees do not mean to place our flight department data at risk.  But what we have learned is that it is intentional

Read on and learn how you can help your staff reduce the risk they are incurring on your behalf. 

What is Data Security Really?

The definition of Data Security from Webster’s is:

Data Security (da-ta  se·cu·ri·ty)

Concerns the protection of data from accidental or intentional but unauthorized modification, destruction or disclosure through the use of physical security, administrative controls, logical controls, and other safeguards to limit accessibility.

There are ways this is accomplished that have been accepted as standards and any decent protection plan will include many of the following.
Encryption

Converting the data into a code that cannot be easily read without a key that unlocks the data.

Data Masking

Masking certain areas of data so personnel without the required authorization cannot look at it.

Data Erasure

Ensuring that no longer used data is completely removed and cannot be recovered by unauthorized people.

Data Backup

Creating copies of data so it can be recovered if the original copy is lost.

Incurring Data Risk is Incurring Financial Debt

The bill will come due and just how much we pay for it will greatly depend on the tools and policies you have in place to mitigate your exposure.

We pulled a few items from the report infographic to illustrate some key takeaways about data security.

Password-sharing is rampant, with 20 percent of employees sharing their work email password, and 12 percent sharing passwords to other work applications. Nearly half of all employees are unaware of any company policies around sharing of these passwords.

Sharing Passwords

Mobile device security is lax. One in five employees do not have any security software on their work devices, beyond what ships with the operating system.

Corporate Aviation uses iPads and how many have been left at the FBO with either no password or one that is set to 12345.

Employees are putting corporate networks at risk: 13 percent let their colleagues use a device that can access their employer’s network. Nine percent allow their partners to access such a device, and one percent even permit their children to use such a device.

The Solution

Let’s face it, Flight Departments operate remotely by definition so traditional security just won’t do.  Add to this that humans will take the least path of resistance. 

 So, we have to put in place provisions that directly address Aviation Data Security. Provisions that both protect the data and allow staff members to do their job without onerous hurdles.

Policies

Start with your policies. Review them and make sure they cover all these top key areas and then make sure your staff understand why they are there.

If your policies are informal, write them down and include them in your General Operations Manual.

Hardware Audits

Next conduct audits of your company technology to make sure they are updated, just be cautious of using the auto update features on devices that rely on software such as Foreflight.  

Software Tools

Ensure you use tools like ours that have the data and access policies built in, this way you are able to control access to your data.  Make sure they software utilizes all of the data protection features listed above such as encryption and data masking.

Data Protection

Make sure that any tool you use is storing your data siloed from any other data and that it is not comingled with other data.  This will prevent weak administrator passwords from providing an attacker access. 

 

Our commitment to security and your data.

FLTDepartment.com takes privacy and data protection seriously. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for Aviation Data Security.

We’ve designed our system to exceed ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud).

If you ever have any questions about this or another topic we would be glad to talk with you and help you find the best solution for your flight department.

Have More Questions?

Who should we contact related to your questions?