In 2020, one of Canada’s largest trucking companies was hit with a series of ransomware attacks. The hacking group ended up posting this stolen data online. Fortunately, the company’s IT and security teams were able to restore operations two days later, and no mission-critical systems were compromised.
As businesses in the transportation and trucking industry shift to using digital infrastructure and platforms for their operations, cyber attacks are a growing threat. The impact of a hack can cost you valuable resources, time and damage your reputation.
How can you and your employees stay on top of cybersecurity best practices? What are the gaps in your current prevention plan? If a breach does occur, do you know what to do to help your business recover? To help you answer these questions and prepare your business for a potential cyber attack, here is what to consider for your risk management planning.
Types of cyber attacks your business may face
Social Engineering
Cybersecurity experts predict that an estimated 98 per cent of cyber attacks deploy social engineering methods, which involves using fear and uncertainty to manipulate a user to reveal information. The use of ransomware and phishing are among the most common types of cyber attacks your business may face.
Ransomware
A ransomware attack occurs when a user clicks on a malicious link or file that is designed to restrict access to your computer or files. For example, an employee opening a file or clicking a link in an email. When you open ransomware, a message may pop up demanding payment in exchange for the removal of this restricted access. This type of cyber attack is used by hackers to trick businesses into handing over large sums of money.
Phishing
More than 97 per cent of phishing emails contain ransomware. Phishing is a type of cyber crime using fraudulent communications to trick users into revealing sensitive information, such as passwords or banking information. In addition to email, it can be delivered through text messages, phone calls or even faxes. The COVID-19 pandemic has seen an increase in phishing attacks, where hackers impersonate health professionals claiming to represent well-known organizations like The Canadian Red Cross or World Health Organization.
How your business can guard against cyber attacks
Now that you understand what cyber risks you may be facing, you can think about how your business can take proactive steps to preventing an attack, while making sure you know what to do if you’ve been a victim of one.
Consider these factors as part of your risk management planning:
- Understand what assets, data, and information you have
- Prioritize your risks and the impact of a data breach
- Maintain good security hygiene
- Know what to do when a breach occurs
Understand what assets, data, and information you have
It’s important to know what you might lose if a cyber attack were to hit your business. This includes financial and customer information, as well as logins for accounts that store valuable data. It may help to conduct independent security assessments, such as technical penetration tests, to help you document your assets. When hiring a IT security professional, look for industry-recognized certifications.
To stay on top of emerging cybersecurity risks in the commercial vehicle sector, look out for reliable industry specific resources such as The Automotive Information Sharing and Analysis (AUTO-ISAC) Centre.
Prioritize risks and impact of breaches
By completing an assessment and understanding what data you need to protect, your business can prioritize what cyber risks are most likely to cause a breach. For example, if most of your employees are currently working remotely, make sure they understand what a phishing email could look like, and who they need to contact if they suspect they are a target.
Maintain good security hygiene
There are measures employees and senior management can take to help manage cyber threats. Two-factor authentication is an important way to protect against cyber attacks such as ransomware, as it adds an extra layer of security to an account to prevent someone from logging in, even if they have your password. This is important for those working with large invoices, in payroll, banking or with other employee files. A virtual private network (VPN) is also used by many employers with employees working remotely, where they are given a secure connection through an encrypted virtual tunnel. This can help guard against external attacks.
Regular training for employees, reviewing the cybersecurity measures currently in place, and backing up critical systems (e.g. using cloud storage) are other ways to maintain good security hygiene. Consider developing a cybersecurity committee made up of senior executives or managers across the business, with the power to make decisions on policy or investments in software that will help protect company data. A dedicated cybersecurity analyst can oversee all IT security requirements, test systems, and administer training.
Know what you need to do when a breach occurs
Regardless of how prepared you are, a cyber breach can still occur when you least expect it. Preparing an incident response plan can help your business respond quickly, reduce costly losses, and minimize disruptions. Create an emergency contact list that includes your insurer, legal counsel, and the police.
In 2018, changes to Canada’s federal private-sector privacy law came into effect. It is now mandatory for organizations to record and report any breaches of their security safeguards and notify individuals that are affected by the breach if it could cause them harm. Take the time to plan a communications strategy so you’re ready to quickly inform customers or stakeholders when a breach occurs.
Add another layer of security with reliable cyber risk coverage
No matter how big or small your trucking business is, you are at risk of a cyber breach. Cyber risk insurance can help you deal with things like network repair, legal claims and public relations so you can restore your reputation and trust among your customers. Get started today by visiting our cyber risk insurance page!