On October 23, the American Trucking Associations (ATA) are set to release innovative anti-hacker technology that would report cybersecurity threats.
The Fleet CyWatch (CQ) service is a service that would be able to detect cyber threats to on-board trucking data systems that could be used to steal valuable carrier information. Further, this security system can also report back-end breaches that could potentially damage onboard systems.
In a press release, the ATA explained, “Cybersecurity affects every employee, from the truck cab to the boardroom, so motor carriers that adopt companywide policies and procedures to protect data have a leg up on cybercriminals. Data is quickly becoming a transportation company’s single most important asset, and it is an asset worth protecting.”
“Trucking is in a new era of communications and connectivity, and this is very new to them and we’re trying to be in front of it,” said Ross Froat, ATA’s engineering, and IT director, who is leading the development of the service.
With the implementation of ELD’s in December and the ever approaching adoption of autonomous trucking, the trucking industry will have to adjust accordingly in order to successfully transition to a more tech-savvy way of doing business. With the ever-evolving trucking industry, cybersecurity needs to be a top priority.
The ATA further examined the most important components that go into securing cyberinformation.
Steps to secure data:
- Policies and Procedures: Focuses on the internal operations and the cyber practices of employees
“A huge percentage of data breaches are human error and there is often too much focus on investing in the latest technology, as opposed to risk management on business practices and employee education,” said Jarrett Shearin, Director of Commercial Insurance at the Marsh & McLennan Agency, “Security comes down to people, processes, and technology.”
It is important for employees within the trucking industry to be aware that one wrong click could mean the security of the entire organization could be compromised.
In such a case, companies are advised to:
- An incident response plan in the event of a data breach
- Best practices for working remotely
- Limitations regarding access to and use of data
- Password protection
- Guidelines regarding the use of mobile devices
- Encryption procedures
- Employee training
According to Shearin, upwards of 60% of data breaches are the result of employee error.
2. Contracts: Contracts must address the protection of data and proprietary information when sharing data with a third party. It should be made clear who owns what data and who will be managing it. Efficient data management is key in creating a secure cyber environment.
Third party restrictions to data should include:
- Limiting access to certain employees
- Restricting the storage of data for future use
- Restricting the sharing of data by the third party
- Compliance with industry standards
- Where and how the data will be stored
- Return of the data when the business relationship ends
Companies should hold third parties to the same, if not better, standards at which they hold themselves.
3. Insurance: No matter the amount of preparation, breaches in security do happen. Traditional general liability policies do not provide coverage for cyber attacks or data breaches; therefore, cyber insurance is a must.
“A data breach is a fast-moving crisis,” said Bob Wice, Technology Media & Business Services focus group leader. “There isn’t time to learn how to respond. You need to prepare in advance and you want to work with a partner who has been there before.”
No matter the size of the company, no company is exempt from being the victim of a cyber attack.