It’s always the “other guy” until it’s you.
Thinking it won’t happen to you can leave you unprepared. If ever faced with a cyberattack, where your company is held hostage – then you know all too well the pain it can create in both time and money. The regrets of “I should have done this, or I could have done that” will be your counsel to other companies.
Unfortunately, the transportation industry has a bullseye on its chest. According to consolidated data from CarriersEdge, about 45% of fleets don’t have extensive protection against cyberattacks. Some have policies and provide staff training, however, only 10% of fleets provide training that extends to drivers, leaving a large proportion of their companies exposed to phishing attempts.
It’s more important than ever for companies to properly protect their information from damage, theft and destruction. Ensuring the proper cybersecurity is becoming an increasingly complex task as information continuously flows between people, devices, servers and networks.
Here’s what you can do to safeguard your company:
1. Guard your treasure
Hackers can access information both physically and remotely. It’s important to take proper precautions to keep them out of both the facility and computer systems.
Prevent hackers from remotely accessing systems by establishing a firewall, running anti-malware programs across all devices and use a virtual private network to secure your internet connection. Make sure network folders have appropriate security settings. These act as fortress walls to keep intruders out.
Don’t underestimate the power of the password. Create strong, unique passwords or passphrases for each account and device, keep track of them using a trusted password manager and choose to enable two-factor authentication whenever possible.
Remember that data can be stored in multiple places. Always back up information in case of loss or damage and be sure to securely destroy all copies of sensitive material when no longer needed.
Lock up your office! Safely store hard copies in a locked filing cabinet, ensure employees require appropriate identification to gain access to restricted areas and always set devices to auto-lock after a period of inactivity.
2. Think before you click
Hackers try to manipulate people into clicking on malicious links or downloading attachments in emails or on websites that contain malware that can damage, destroy or steal your data.
Hackers also play upon human emotions like fear and greed to get you to enter sensitive account information. For example, a hacker might send an email urging you to confirm login details to prevent the account from being deactivated within 24 hours. Or they might “bait” you into doing so by offering a bogus reward or prize.
Before you click on a link or respond to such an email with personal information, take a second to look at the email address of the sender to see if it is legitimate and hover over any hyperlinks to display the full web address. If it looks suspicious, it probably is.
Before you click “send” on an email, make sure to encrypt and password-protect any sensitive information and NEVER send credit card information over email.
3. Risk sounding rude
Hackers often impersonate other people and take advantage of social norms and niceties to do so. They may pretend to be an employee or an external service provider in order to gain access to information at your company.
Hackers are able to get away with this because people are often too nice to ask for identification or don’t want to risk sounding rude or foolish by doubting the authenticity of a visitor’s request. Usually, the imposter will have gathered enough information to make their visit or request sound legitimate.
Even if you may feel uncomfortable doing so, abide by the company’s visitor policy by asking anyone unfamiliar for their identification and escorting any unauthorized visitors to the front desk to obtain proper identification. Similarly, don’t be afraid to verify the request of anyone asking for information or who is seeking access to the facility or accounts by confirming with a supervisor that permission has been granted.
Criminals often impersonate CEOs and other high-level executives by hacking into their business email accounts, which they use to send requests to employees in order to obtain sensitive information, like customer billing information. If you doubt the legitimacy of a message, always contact the sender using a separate means of communication. Even if the request is genuine, your caution will be welcomed.
4. Sharing is not caring
Social media accounts can be a gold mine of useful information for hackers. Even seemingly harmless information can be used as part of a larger scheme. Be cautious about what you share and check settings to limit who can see your accounts and posts. Never post personal or corporate information on social media and be wary of what information might be revealed in the background of photos.
You might share information without even knowing it. Take the time to check app permissions and disable location services on your device and social media accounts. Location services is a setting that automatically tags photos and posts with your current location. This is especially important for drivers as it lets criminals know where to find them and their freight.
Be selective and careful when giving out email addresses and only give out to sources you know and trust, as your email address can become a target for spam and other malicious emails.
Remember that public Wi-Fi is in fact, public. Hackers can easily “eavesdrop” on open networks and gain access to the information you share over the network. Avoid logging in to any personal accounts over unsecured Wi-Fi.
5. Keep it up to date
Software companies put out updates or security patches because they have identified a vulnerability in their system. By postponing updates, you are essentially leaving the door to your system or device open to hackers.
Keep email filter up to date by flagging any unsolicited messages as spam/junk when you receive them. This will help limit the amount of unsolicited and potentially harmful emails that you receive.
As technology evolves, so should your policies and procedures for cybersecurity.
All told, it’s better to be safe than sorry. Be diligent in your efforts to keep an attack-free environment. And train drivers so they too know what to look for. By working together, you won’t end up being the company others are talking about at a cybersecurity conference.