Uninformed staff a weak link in cybersecurity

KISSIMMEE, Fla. — Connected objects are increasingly becoming a part of our business, our vehicles, and our lives, and with that comes an increased potential to be hacked.

Whether an attacker’s aim is to profit by stealing your information, your cash, or disrupting your business, or they’re doing it just to see if it can be done, the easiest way for hackers to get into your system is the old-fashioned way — through your people.

According to Dave Dalva, vice-president of security risk consulting at Aon Risk Services, the innocent or uninformed mistakes people make — such as clicking unknown links in emails, or even letting a stranger borrow a phone — are still the easiest and most common ways hackers gain entry to networks.

With the introduction of electronic logging devices, telematics systems, and wireless updating, connected trucks have frequent access to a fleet’s network and provide another vulnerable access point.

Once on the network, Dalva told a crowd at the Truckload Carriers Association (TCA) convention that attacks often go undetected for months, leaving hackers the freedom to collect information or siphon off funds unchecked.

Once someone in your organization clicks that suspect link, your whole network can become vulnerable to a ransomware attack that holds data hostage until companies pay, and these attacks on are on the rise.

High-tech thieves run large operations that Delva likens to the mafia. Many of the organizations even have working tech support numbers with agents who will walk victims through the payment process or unlocking the data.

The human factor and wide use of the technology means cyber security is no longer just a problem for the IT department. Since breaches can come from every network user, Dalva says security has to be a concern for every employee and should be incorporated into regular conversations in every department.

When trying to secure your network, Dalva says there is no one quick-fix solution that will protect an entire fleet. Instead of trying for a one-stop-shop product that will provide a false sense of security, companies should evaluate where they might be vulnerable to get a good overview of where they need to focus.

An evaluation can be completed by an outside firm that will know where to look, but even if you undertake an in-house assessment, there are certain things to look for.

In addition to taking inventory of equipment and other network access points, what offline backups exist and how often they are updated, and training for employees, Dalva recommends looking at business partners as well.

Hackers can gain access to network points through third parties that send emails or sync information with a network. Everyone from outside payroll companies to shippers could provide an entry point, and Dalva says asking your business partners about their security procedures should become a normal procedure.

After companies become aware of where they are most vulnerable then they can focus on implementing best practices for staying secure.

One of those best practises is establishing a plan with steps to be taken if there is a data breach, and rehearsing dry runthroughs with all staff members.

Dalva says modern realities mean no company can expect to be breach-free for the life of the organization, but mitigating the damage depends on the proper planning and the reaction of the people involved.


Have your say

We won't publish or share your data