Securing Your IT Network
[Stay on top of transportation news: Get TTNews in your inbox.]
Protecting your trucking company’s computer network from the latest cyberthreats is an even greater challenge in 2021 given the stubborn persistence of the COVID-19 pandemic, according to security pros.
Always looking for ploys to trick employees into clicking on malicious links, hackers currently are riffing on coronavirus fears to dupe workers into inadvertently downloading malware.
Specifically, they’re sending employees official-looking emails pretending to feature new business policies on COVID-19, new announcements from government agencies or updates on free government financial support during the pandemic.
Dysart
Unfortunately, these hacker emails — also known as email phishing — turn out to be malicious. And they often result in the penetration of your network by hackers, the installation of malware on your computers and worse.
“With the companies moving more staff home to work remote, it not only expanded the size and complexity of the infrastructure that IT has to secure, but it also somewhat isolated staff. They are not sitting next to fellow co-workers that they can consult whether this email looks bogus,” said Dan Brewer, vice president of IT at Wilson Logistics.
Truckers also face the risk of increased break-ins on cloud accounts in 2021 and more personalized ransomware attacks that use employee or manager credentials to penetrate their networks.
“The degree of sophistication of the hacking attempts is alarming,” said John Dalrymple, senior vice president at West Side Transport. “I would advise everyone to take this threat seriously. I am aware of a couple of companies who were hacked, one with devastating results — it put the company out of business.”
Gerard Darby, chief information officer at NFI, added: “It is an arms race between the good guys and the bad guys. As long as it remains profitable to commit these hacking activities, they will continue to happen and increase.”
The upshot: Trucking companies need to stay current on the computer network security threats expected to surge in 2021, and then make the necessary moves to ensure they’re protected.
Toward that end, here are the key steps fleets need to take to ensure their computer networks are protected from the coming storm:
Secure your remote workforce: With so many more employees working from home these days, an IT department needs to take special care to safeguard network connections between work and home.
A good place to start is to require employees to log into your computer network via a virtual private network, or VPN, according to a recent Kaspersky report, “How COVID-19 Changed the Way People Work.”
Next-level technologies hold the potential to enhance safety and efficiency in transportation, but it takes a lot of work behind the scenes to advance these ideas from concept to reality. We talk with Christoph Mertz of the Robotics Institute at Carnegie Mellon and Huei Peng of the University of Michigan. Hear a snippet above, and get the full program by going to RoadSigns.TTNews.com.
Essentially, a VPN is an encrypted network that your employees use to access the internet. Given that VPNs are a private gateway to the internet, they make it much tougher for hackers to study how your employees are using the internet, including how they share files or how they’re using video meeting software.
Even with a VPN, it’s a good idea to ensure the devices employees use to log in from home include security software to protect your business. Phones used from home by employees are especially vulnerable. Ideally, you’ll want employees to use business-issued mobile phones for work. Lost phones mean lost business data, so you’ll want to install software on all employee mobile phones offering anti-theft capability.
Double down on email security: Security pros say employee email remains one of the most common ways hackers penetrate a business network, so you’ll want to shore-up your defenses in this vector, according to Cybriant Managed Security Services.
The coronavirus has triggered a new set of hacker penetration schemes, including malicious emails disguised as info requests on your business’ economic stimulus payment request. Similar hacker emails are offering fake advisory news about an employee at your firm who has been infected with COVID-19. Hackers also are having fun spoofing employees with fake notifications regarding a false shipping problem or delay caused by the coronavirus. Still not enough? Hackers also are happy to send your employees emails featuring attachments that promise to detail your business’ coronavirus policies. The boldest hackers also demand that your employee click a link inside the email confirming that they’ve read the policy — that’s an easy way to download malware or ransomware.
More Q2 iTECH
All told, more than 27% of employees and managers surveyed during the early months of the pandemic said they had received malicious, coronavirus-themed emails while working from home, according to the Kaspersky report.
As always, the best defense against email hacks is to continually refresh employee awareness about the problem. Some security consulting companies specialize in providing ongoing education to your employees — including remote testing of employees by email — on the latest email hacks.
It’s an approach used by Hub Group Chief Information Officer Vava Dimond.
“At Hub Group, employees participate in annual cybersecurity training,” she said. “All new hires complete it within 90 days of onboarding. We also engage employees through phish testing and real-time threat monitoring.”
Woody Lovelace, CIO at Southeastern Freight Lines, is another big believer in employee education. “While companies must rely on multiple technologies to protect themselves, the employee’s knowledge and practices can still offer an important line of defense against cyberattacks,” he said.
Beware cloud-jacking: With more companies moving to the cloud, it was inevitable that hackers would follow them there, according to the 2020 Sophos Threat Report. These days, even novice hackers can buy automated scripts on the dark web, which enable them to take complete control of the cloud infrastructure of your trucking business.
Once inside the cloud, a hacker often is able to steal the ID credentials of your cloud’s system administrator. Those are essentially the “keys to the kingdom” and can be used to further penetrate your cloud network, steal company data or wreak other havoc.
The move here is for businesses to review the security agreements they have with their cloud providers and ensure the provider is holding up its end of the bargain.
Stay vigilant against ransomware: The scourge that keeps on giving, ransomware generally announces itself on your computer network with a message that pops up proclaiming your system or files are frozen. That message usually is accompanied by a demand that you pay a cash ransom to regain control of your network.
Ransomware is expected to generate damages to the tune of $6 trillion annually by the close of 2021, according to Jordi Botifll, senior vice president at Cisco Americas.
During the past year, ransomware attacks have become more personal, according to a 2020 Trend Micro report, “Securing the Pandemic-Disrupted Workplace.” Essentially, more hackers are purchasing log-in credentials to specific business systems on the dark web and then loading in a ransomware program once they’re inside, according to the report.
Consider passwordless authentication: Despite years of admonishments, employees still insist on using passwords that are simple to crack. In 2019, for example, the most common password in use was “123456,” according to a report from Splash Data, an internet security firm. Employees looking to be a bit more clever employed “123456789.” And the next most popular passwords in descending order after that were “qwerty,” the ever-imaginative “password” and “1234567.”
No wonder more firms are turning to password alternatives to secure their networks. Popular techniques include touch ID, face ID, ID using a call or text to an employee smartphone and one-time passwords that are generated and sent to an employee’s email address after an employee ID is entered.
Forget Zoom-bombing: Early in the pandemic, web video meeting software firm Zoom got a bad rap from pranksters who began popping into business video meetings to cause trouble. To be fair, Zoom always had privacy controls, but they were a little tough to find.
Fortunately, Zoom has since updated the security on its video meetings and made its security controls much easier for users to find and use.
Consider an AI upgrade: As with virtually every other aspect of business software, some of the newest network security systems come with an artificial intelligence component. These new AI systems often lurk in the background, watching hackers as they poke around business networks, taking note of tricks and techniques hackers are using and then auto-building scripts to frustrate those same hacker moves the next time they pop up.
“If you are a senior IT leader, or C-level in an organization, you should be asking yourself, ‘How do we recover from a complete domain takeover and ransomware attack impacting the entire production environment?’” said Ben Simpson, director of IT at Taylor Truck Line. “If you don’t have a good answer for that, your company may be living on borrowed time.”
Joe Dysart is an internet speaker and business consultant based in Manhattan. Email: joe@dysartnewsfeatures.com. Web: dysartnewsfeatures.com.
Want more news? Listen to today's daily briefing below or go here for more info: