It’s always the other guy, until it’s you. And if you’re involved in a cyberattack – where your company is held hostage – then you’ll know all too well the pain both in time and money that it can create. “I should have done this, or done that,” will be your counsel to other fleets.
Unfortunate as it is, the trucking industry has a bullseye on its chest. And now with COVID-19, many hackers are hoping guards will be let down. Scams revolving around loans and all things COVID are rampant.
It’s building on an already serious problem.
Various reports over the last two years estimate that transportation has moved into the top five industries most susceptible to a cyberattack. And small trucking companies tend to be the biggest targets for ransomware attacks because they lack sophisticated protections and, as a result, are more likely to pay hackers who disable their computer systems. If you’re hit, the hacker has probably already been “in” for a while. They can check your financials and see what you can afford to pay.
According to the Identity Theft Resource Center, there were more than 1,200 data breaches reported in 2018 that exposed more than 445 million records. And the average cost to clean it up? About $3.77 million for a data breach in the transportation industry, according to a recent study sponsored by IBM. It cost one shipping giant an estimated $300 million in its ransomware attack.
If that caught your attention, it should. It’s more important than ever for companies to properly protect their information from damage, theft, and destruction. Ensuring proper cybersecurity is becoming an increasingly complex task as information continuously flows between people, devices, servers, and networks.
While companies can protect themselves using hardware and software solutions, the biggest threat to a company’s data is a criminal attack from either a malicious insider or an external hacker.
Hackers are the con artists of the 21st century. They use psychological tactics (known as social engineering) to trick you into granting them access to your sensitive information. Unfortunately, even with software protections in place, all it takes is one password falling into the wrong hands to wreak havoc across an organization. And since we’re all connected, everyone in the company, from drivers to office staff to management and executives, has a role to play in keeping data out of the hands of cybercriminals.
Here’s what you can do to safeguard your company:
1. Guard your treasure
Hackers can access your information both physically and remotely. It’s important to take proper precautions to keep them out of both your facility and your computer systems.
Prevent hackers from remotely accessing your systems by establishing a firewall, running anti-malware programs across all of your devices, and using a virtual private network to secure your Internet connection. Make sure network folders have appropriate security settings. These act as fortress walls to keep intruders out.
Don’t underestimate the power of the password. Create strong, unique passwords or passphrases for each of your accounts and devices, keep track of them using a trusted password manager and choose to enable two-factor authentication whenever possible.
Remember that data can be stored in multiple places. Always back up your information in case of loss or damage and be sure to securely destroy all copies of sensitive material when it is no longer needed.
Don’t forget to lock up your office! Safely store hard copies in a locked filing cabinet, ensure employees require appropriate identification to gain access to restricted areas, and always – always – set your devices to auto-lock after a period of inactivity.
2. Think before you click
Hackers try to manipulate people into clicking on malicious links or downloading attachments in emails or on websites that contain malware which can damage, destroy or steal your data.
Hackers also play upon human emotions like fear and greed to get you to enter sensitive account information. For example, a hacker might send you an email urging you to confirm your login details to prevent your account from being deactivated within 24 hours. Or, they might “bait” you into doing so by offering a bogus reward or prize.
Before you click on a link or respond to such an email with personal information, take a second to look at the email address of the sender to see if it is legitimate and hover your cursor over any hyperlinks to display the full web address. If it looks suspicious, it probably is.
Before you click “send” on an email, make sure to encrypt and password-protect any sensitive information and NEVER send credit card information over email.
3. Risk sounding rude
Hackers often impersonate other people and take advantage of social norms and niceties to do so. They may pretend to be an employee or an external service provider in order to gain access to information at your company.
Hackers are able to get away with this because people are often too nice to ask for identification or don’t want to risk sounding rude or foolish by doubting the authenticity of a visitor’s request. Usually, the impostor will have gathered enough information to make their visit or request sound legitimate.
Even if you may feel uncomfortable doing so, abide by your company’s visitor policy by politely asking anyone unfamiliar for their identification and escorting any unauthorized visitors to the front desk to obtain proper identification. Similarly, don’t be afraid to verify the request of anyone asking for information or seeking access to your facility or accounts by confirming with your supervisor that permission has been granted.
Criminals often impersonate CEOs and other high-level executives by hacking into their business email accounts, which they use to send requests to employees in order to obtain sensitive information, like customer billing information. If you doubt the legitimacy of a message, always contact the sender using a separate means of communication. Even if the request is genuine, your caution will be welcomed.
4. Sharing is not caring
Your social media accounts can be a gold mine of useful information for hackers. Even seemingly harmless information can be used as part of a larger scheme. Be cautious about what you share and check your settings to limit who can see your accounts and posts. Never post personal or corporate information on social media and be wary of what information might be revealed in the background of your photos.
You might share information without even knowing it. Take the time to check your app permissions and disable location services on your device and social media accounts. Location services is a setting which automatically tags your photos and posts with your current location. This is especially important for drivers as it lets criminals know where to find them and their freight.
Be selective and careful when giving out your email address and only give it out to sources you know and trust, as your email address can become a target for spam and other malicious email.
Remember that public Wi-Fi is, in fact, public. Hackers can easily “eavesdrop” on open networks and gain access to information you share over the network. Avoid logging in to any personal accounts over unsecured Wi-Fi.
5. Keep it up to date
Software companies put out updates or security patches because they have identified a vulnerability in their system. By postponing updates, you are essentially leaving the door to your system or device open to hackers.
Keep your email filter up to date by flagging any unsolicited messages as spam/junk when you receive them. This will help limit the amount of unsolicited and potentially harmful emails that you receive.
As technology evolves, so should your policies and procedures for cybersecurity.
All told, it’s better to be safe than sorry. Be diligent in your efforts to keep an attack-free environment. And, train your drivers so they too know what to look for. By working together, you won’t end up being the company others are talking about at a cybersecurity conference.
Jane Jazrawy is CEO of CarriersEdge, a leading provider of online driver training for the trucking industry, and co-creator of Best Fleets to Drive For, an annual evaluation of the best workplaces in the North American trucking industry produced in partnership with Truckload Carriers Association.