As cyber criminals get more sophisticated, cybersecurity has evolved to put more walls between them and valuable user data. Leading strategies include encryption and multi-factor authentication (MFA) – which takes the traditional username/password approach to digital security and adds authentication factors like thumbprint, face and voice recognition, PIN numbers and trusted device authentication.
“It’s about making the wall high enough or making multiple walls that hackers have to climb over,” said Ron Godine, VP of Information and Cloud Technology for TMW Systems. “You can’t just put in one solution and be done. You have to put in multiple solutions because any one of them can be compromised.”
But the human element can’t be ignored, either, Godine noted, as “clicking on that email” remains the most common path to security breaches.
“Sometimes it’s not the most sophisticated attack that succeeds,” Godine said. “What we see is people who have their firewalls up and they have all their protection, analytics and intrusion detection systems at the front door. That’s not the place the hacker enters. They go through the back door, the side window and other exposed points you aren’t watching carefully.”
While it’s important for fleet operators to look into technology-driven security measures, it’s equally important to train staff to adhere to proper security protocols.
Set Standard, Policy, Enforce and Review
“Set standards, make sure there is an access policy in place and that it’s enforced and reviewed,” he added. “Usernames and account passwords should have appropriate complexity and should not be the same. We’ve seen that – default passwords, easy-to-guess passwords, like passwords across the company, but that’s the way most people hack into systems.”
Account management and review, he added, are good old-fashioned weapons that help companies make sure they’re doing what they can to improve security.
“Do the things you can do because there are going to be things you can’t do,” Godine said. “Look at your directories, look at your user lists and make sure those are legitimate; make sure the complexities of passwords and accounts are there; and make sure that the people who administer only have the appropriate access they need.”
As more and more technology is integrated into commercial trucks, it’s important for operators to consider their own security risks. According to Godine, these can vary broadly from company to company, and not everyone is eager to invest time and money in improvements.
“I’ve seen some operators that have incredible security considerations, which I think is excellent,” Godine said. “Some are very concerned about access and sign-on considerations. But the vast majority don’t have the energy and resources to think about it. They just kind of want to know what it takes to get it running, and they don’t necessarily think further about what that data might be exposed to or what other issues might occur.”
For these companies, cloud-based transportation management solutions and other business software can prove valuable by allowing them to passively reduce their security risks. “A big part of why we believe cloud-based solutions are advantageous is we can focus our efforts for security on a smaller risk surface,” Godine said.
“To be secure, customers have to duplicate all of that structure. Some of them do it very well, by the way, but all that additional security is overhead for their business. With our business it’s material. We care about it and we have incentive to care about it because we want customers to trust that we are the best at actually running that software.”
Ready to explore what security in the cloud can do for your business?