COMPROMISED – Is Your Fleet at Risk of a Cyber Attack?
Any business (and particularly small to mid-sized ones) can become a victim of cyber-attacks, which means that at any moment your data could be stolen and your business shut down. Cyber-attacks result in trillions of dollars lost annually.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm (Source: Cybercrime Magazine).
It’s virtually impossible to move freight today without connecting to a network and exchanging electronic documents. Every digital touchpoint, whether it’s in the office, on the road, or in the shop, can produce data or open a gateway that needs to be secured from unauthorized users.
Cybersecurity is a big job for any IT leader but especially one who may also be responsible for fleet operations, business development, accounting, and occasionally driving and equipment maintenance.
More than 43% of cybersecurity attacks involve small businesses. Small businesses are attractive targets because they have the personal and financial data that criminals want, and they typically lack the security infrastructure of larger organizations.
Fortunately, the technology that drives digital workflows in trucking and logistics is moving to the cloud, where security is a shared responsibility. Companies that provide mobile, telematics, and business process automation services in the cloud or over a network (SaaS) monitor and protect their servers, storage devices, and software, which frees you to focus on your own devices, data, operating systems, and users.
Common Threats
Cyber-attacks are evolving constantly, but several continue to raise concerns for small businesses:
– Malware (malicious software) refers to software designed to corrupt files and prevent a computer or network from working properly. Malware can include viruses, which are intended to spread from computer to computer and slow down your network or expose sensitive information.
– Phishing uses a deceptive email or a malicious website to infect your machine with malware. Phishing emails appear as though they’ve been sent by a legitimate organization in order to entice you into clicking on a link or opening an attachment that contains malicious code.
– Ransomware is malware that encrypts critical files, making them impossible to use. Hackers try to extort payment (usually in the form of cryptocurrency) from their victims in return for restoring access to the files. Distributed denial-of-service (DDoS) attacks are rising 40% year over year, with 25% of businesses facing a repeat attack within 24 hours.
Ransomware can affect any part of your business that runs on a network, including accounting systems; email and phones; transportation and warehouse management systems; and even the electronic controls on vehicles and facilities like warehouses.
Worldwide, a business falls victim to a ransomware attack roughly every 14 seconds (Source).
A Need for Redundancy
The threat of malware, phishing, and DDoS attacks reinforces the need to reliably back up data and make sure you can access it in an emergency.
A data contingency plan can take several forms. In addition to having a local copy on your premises, you can back up data to a public or private cloud. Remote backups can be automated and continuously updated to multiple locations. You’ll need to consider which files you should back up, where they should be stored for quick recovery, and how to encrypt the backed-up data so it’s not infected by the original attack. Be sure to read the terms of service of your storage vendor so you’re aware of any fees for moving, accessing, or restoring data.
Another option is to work with vendors that manage your business processes in the cloud to establish their role in securing your data and recovering it.
Any reputable vendor should be certified under SOC 2 (Service Organization Control 2), an audit developed by the American Institute of Certified Public Accountants that assesses the extent to which a vendor complies with a set of criteria for managing customer data in the cloud. Specifically, a certified vendor has processes for monitoring unusual system activity, authorized and unauthorized system configuration changes, and user access levels.
SOC 2 audits are voluntary and only determine what processes are in place to protect data against unauthorized access, adhere to privacy principles, maintain the availability of services in the event of a disaster or security incident, and meet other criteria. They won’t evaluate how effective those processes actually are, however.
Your vendor’s commitment to SOC 2 principles, including backups that are protected from unauthorized access, can help establish the redundancy you need to keep data, devices, apps, and networks running with minimal disruption.
Ask for Help
Transflo’s platforms and devices generate vast amounts of data that are extremely valuable for controlling costs, increasing productivity, improving compliance, and reducing risks and inefficiencies associated with paper-based processes.
Many customers use Transflo as a resource to help them protect data and create resiliency against malicious attacks. In addition to deploying the latest technology, we can help establish a culture of security and a playbook that’s focused on your users, devices, and network connections:
- Verifying who has access to your systems, devices, and data.
- Creating policies surrounding dangerous sites, email, messaging, and file downloads.
- Securing all the various devices your business uses and how they access your network and the internet.
- Conducting formal training to educate employees and other users about risky behaviors, including how to identify phishing emails or unsecured web sites in public areas like truck stops, hotels, or airports.
Cybersecurity is a shared responsibility. Being informed and asking educated questions is a great first step on the path to managing a resilient, redundant information system that can stand up to the latest threats. Contact your Transflo rep today for more info.
Other industry resources you can use:
- The American Trucking Associations’ Fleet CyWatch program is a clearinghouse where members can share reports of suspicious activity and coordinate responses with enforcement agencies. org/fleet_cywatch.aspx
- The federal government has a catalog of free resources for small and midsized businesses through the U.S. Cybersecurity & Infrastructure Security Agency. CISA’s Cyber Essentials program is a guide for leaders of small businesses who want to improve cybersecurity practices in their organization. Likewise, the Federal Trade Commission has a site with resources for small businesses: gov/cyber-essentials; ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
- The Automotive Information Sharing and Analysis Center (Auto-ISAC) was formed in 2015 by automakers to establish a central hub for sharing intelligence and best practices about cybersecurity and connected vehicles, including commercial trucks and trailers (automotiveisac.com).
About Transflo
Transflo® from Pegasus TransTech is a leading mobile, telematics, and business process automation provider to the transportation industry in the United States and Canada. Transflo’s digital ecosystem consists of mobile and cloud-based technologies that deliver real-time communications to fleets, brokers, and commercial vehicle drivers, and digitize 500 million shipping documents a year, representing approximately $84 billion in freight bills. Organizations throughout the Transflo client and partner network use the solution suite to increase efficiency, improve cash flow and reduce costs. Headquartered in Tampa, Florida, USA, Transflo is setting the pace for innovation in transportation software. For more information, visit www.transflo.com