Staying cybersafe: Essential cybersecurity tips for trucking fleets

While it is common today to see cyberattacks and online breaches in the news, for those who have not felt their effects firsthand, it may feel far-removed. To keep it that way, it is more important than ever now to understand that without consistent monitoring and proper precautions, a cyberattack can happen to anyone, and many attacks are actually caused by simple mistakes that could be made by any person at any level in any organization.

Common mistakes that put fleets at risk

Things as simple as clicking on an attachment or a link in an incoming email or using the same password for multiple online accounts can trigger an attack, creating problems not only for the individual but potentially leading to a fleet’s infiltration or even shutdown.

This summer, researchers for Cybernews reported discovering lists of billions of exposed usernames and passwords from major platforms, including Google, Apple, and Facebook. According to the June article, it was not known who compiled the data or where it came from, but cybercriminals were at least partly responsible for it. Its disclosure potentially puts millions of users at risk for identity theft, account takeovers, and targeted phishing attacks.

Since the breach, Google has been advising Gmail users to update their passwords. In a Google Cloud blog post titled “The Cost of a Call: Voice Phishing to Data Extortion,” the Google Threat Intelligence Group (GTIG) spelled out a recently reported tactic involving hackers pretending to be customer support representatives from companies like Google or Apple.

Through deceptive emails and phone calls, known as phishing and vishing (voice phishing), attackers attempt to manipulate users’ trust and talk them into handing over passwords, multifactor authentication codes, and other sensitive information. Once divulged, these details can give hackers access to individual victims’ accounts, which can even ultimately mean access to entire companies’ computer systems.

GTIG specifically mentioned Salesforce, a cloud-based software company that works in partnership with Google, and stated it has been tracking “a financially motivated threat cluster that specializes in voice phishing campaigns specifically designed to compromise organizations' Salesforce instances for large-scale data theft and subsequent extortion.”

According to the post, attackers were able to repeatedly breach networks because their operators were so convincing at impersonating IT support personnel. The report made it clear that, as a result, neither Google nor Salesforce had been breached at the company level. “In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.”

Perhaps not surprisingly, cybercrime is increasingly involving artificial intelligence (AI). The Federal Bureau of Investigation (FBI) San Francisco Field Office issued a release last year warning about perpetrators who use AI in their cyber scams:

“In addition to traditional phishing tactics, malicious actors increasingly employ AI-powered voice and video cloning techniques to impersonate trusted individuals, such as family members, co-workers, or business partners. By manipulating and creating audio and visual content with unprecedented realism, these adversaries seek to deceive unsuspecting victims into divulging sensitive information or authorizing fraudulent transactions.”

Former special agent in charge of the FBI’s San Francisco Field Office, Robert Tripp, was quoted in the release, “As technology continues to evolve, so do cybercriminals’ tactics. Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike.” He added, “These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”

Unfortunately, cybercrime is not going away, and any individual or organization using devices that connect to the internet, Bluetooth, Wi-Fi, or cellular networks are vulnerable to an attack. Obviously, it is important to follow the basics, such as creating strong passwords, avoiding using the same login credentials for multiple accounts, using two-factor authentication, and not clicking on links or attachments unless you know and trust who sent them.

Practical steps to protect fleet data and operations

Following are some additional, equally important steps from the April 7, 2024, International Security Journal article, “12 Ways to Prevent Cyber Crime,” by Simon Burge:

• Keep software and devices updated to patch vulnerabilities that hackers could exploit.
• Install reputable antivirus and anti-malware software and keep it updated.
• Use a virtual private network (VPN) when accessing the internet from unsecured networks, including public Wi-Fi networks.
• Don’t save passwords on your browser. Instead, use a secure password manager or memorize them.
• Limit the personal information you share on social media and adjust your privacy settings.
• Back up important data regularly onto external devices or to the cloud.
• Disconnect the compromised system/device from the internet, change your passwords, run an anti-virus scan, inform the relevant authorities, and notify your bank or other affected institutions if you suspect a breach.