Since it is National Cyber Security Awareness Month, it’s as good a time as any to determine whether the security protocols protecting the digital ramparts of your trucking operation are adequate.
And if any of the recent surveys I’ve been reviewing provide a general guide, they probably aren’t.
Take the results from Nationwide's second annual Small Business Indicator, a national survey of 502 U.S. small-business owners with fewer than 300 employees, for example.
That poll found most small-business owners (78%) still don't have a cyberattack response plan, even though more than half (54%) were victim to at least one type of cyberattack – and don’t forget, about 80% of the trucking industry is made up of operations that can be considered “small businesses.”
Additionally, about 60% of the small businesses participating in Nationwide’s survey that said they did experience a cyberattack said it took longer than a month to recover. By contrast, of those who have not encountered a cyberattack, more than half (57%) think their company could recover within a month.
By the by, what are the most common types of cyberattacks anyway? Here’s the list Nationwide developed from its survey:
- Computer virus (37%)
- Phishing (20%)
- Trojan horse (15%)
- Hacking (11%)
- Unauthorized access to customer information (7%)
- Unauthorized access to company information (7%)
- Issues due to unpatched software (6%)
- Data breach (6%)
- Ransomware (4 percent)
"Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets," Mark Berven, president of Nationwide Property & Casualty, noted in the report. "That's why we wanted to raise awareness of this trend for both agents and their small-business clients during."
Yet here’s an interesting twist to this cybersecurity discussion: New Canadian data from internet security provider ESET and market research group Ipsos shows that one in four Canadian small and medium businesses (SMBs) with yearly revenues of $10 million or more have been victims of a cyberattack, compared to only one in 10 Canadian SMBs with revenues under that threshold.
"These SMBs with revenue over $10 million are exceptionally vulnerable to cybercriminal activity," noted Iva Peric-Lightfoot, country manager for ESET Canada, in a statement. "Businesses of this size have the same attractive assets as enterprise-level organizations, but tend to have a lower level of protection and less sophisticated security solutions in place."
Here’s another scary factoid from ESET’s poll: one in five Canadian SMBs that were victims of a cyberattack suffered a significant loss to their business because of their inability to service customers. And considering the fact that SMBs make up 98% of the businesses in Canada, such attacks have real implications for the health of Canada's economy, Peric-Lightfoot stressed.
"When an SMB grows, it doesn't just grow in terms of employees and endpoints requiring protection; [it] needs to adjust security solutions in tandem with this growth,” she said.
"This is not to say that businesses with under $10 million in revenue should not be concerned. In fact, these are the companies that often have a harder time recovering should a breach or attack happen,” Peric-Lightfoot pointed out. “They may not be targeted as often, but they also probably don't have the in-office expertise to react quickly.”
And that “reaction time” is going to be more and more critical as the world becomes more connected and all organizations – large and small alike – continue to face growing risks for cybersecurity attacks, noted the National Cyber Security Alliance (NCSA).
Indeed, that group pointed out that the number of breaches exposing more than 10 million identities went up 125% from 2014 to 2015, with 429 million identities exposed in breaches last year.
"Organizations of any size – including healthcare providers, colleges and universities, government agencies and nonprofits – can fall victim to cybercrime, which could result in stolen personal information or intellectual property or serious disruptions to our daily way of life," stressed NCSA Executive Director Michael Kaiser in a statement. "It's important for employees at all levels to be keenly aware of the roles they play in keeping their own workplaces – and the general public – safer and more secure online."
Here are a few resources to help your trucking business better secure its digital frontiers:
- The C³ Voluntary Program SMB Toolkit: This toolkit includes resources specially designed to help SMBs recognize and address their cybersecurity risks. Resources include talking points for CEOs, steps to start evaluating your cybersecurity program and a list of hands-on resources available to SMBs.
- U.S. Computer Emergency Readiness Team (US-CERT): US-CERT provides the latest information on how to secure your business networks.
- National Initiative for Cybersecurity Careers and Studies (NICCS) Portal: Creating a culture of cybersecurity in the workplace means equipping employees with cyber training. The NICCS Portal provides a robust listing of over 2,000 cybersecurity and cybersecurity-related training courses offered in the U.S.
- NCSA Technology Checklist for Businesses: This checklist will help you identify the technology your business needs to protect, and shares basic security tips, considerations and resources that can assist in detecting, responding to and recovering from cyber incidents.
- CyberSAFE Readiness Test: End-users play a critical role in protecting their organization's data, but they are often the weakest link in the security chain due to lack of awareness of potential threats. The CyberSAFE Readiness Test is a complimentary tool that can be used to measure the extent to which employees can recognize and avoid common cyber threats like phishing, malware, and non-secure websites.
- Complimentary NCSAM Kits: Help keep cybersecurity awareness front and center in your organization with a complimentary NCSAM kit. The kits, created by Logical Operations, include cybersecurity PSAs to hang up at your office, tent cards to place in breakrooms, web cam privacy covers and emails you can send to your employees.
- Council of Better Business Bureaus (BBB) Cybersecurity: The BBB, in partnership with NCSA, created resources providing small- and medium-sized businesses with the tools, tips and content they need to help manage cyber risks and learn about cybersecurity best practices in the business digital world.
- Start with Security: A Guide for Business. The FTC's Start with Security initiative includes new guidance – including ten key steps – for businesses that draws on the lessons learned in the more than 50 data security cases brought by the FTC through the years.
- Data Breach Response: A Guide for Business. You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company's website, you are probably wondering what to do next. Check out this resource to learn what steps to take and who you should contact if personal information may have been exposed.
- U.S. Small Business Administration (SBA) Managing a Business – Cybersecurity: Small businesses have valuable information cybercriminals seek, including employee and customer data, bank account information and access to the business's finances and intellectual property. The SBA provides tips for small businesses and links to other useful resources.
NCSA added on last recommending to improving a company’s cyber defenses: developing a “top-down” approach to building what it calls a “culture of cybersecurity” in the workplace.
Kaiser said company leaders must start from the top and begin by identifying the critical information to protect – or "crown jewels" – such as consumer data, employee data, copyrights and intellectual property and securing that information.
"The groups that work to build up their resistance and resilience are best prepared to combat cyber threats," he pointed out.
Good advice, if I may say so.