In a recent survey of more than 500 companies in the U.S. and globally, 68% said they are better prepared than their competitors to fend off a cyberattack. The survey, conducted by FICO and Ovum, also found that smaller businesses were even more confident, with 82% believing they are not at risk of a data breach. That means only 18% think they could be targeted, yet the same survey asked whether they had controls in place to prevent a data breach, and 23% said they did not.
Clearly, there are businesses who don’t believe they are at risk and are not doing anything to protect themselves.
“Firms have a lot to lose when it comes to their privacy and security risk and must have an accurate picture of how protected they really are,” said Doug Clare, vice president for cybersecurity solutions at FICO. “These figures point to the fact that many firms don’t know how they compare against their competitors, which could lead to an under-investment in cybersecurity protection. Based on the survey results, many organizations would be surprised by what an objective view from the FICO Enterprise Security Score could tell them about their relative levels of cyber risk.”
When cyberattacks make news, it is usually because they are large attacks. In the transportation world, two attacks in 2017 refocused attention on prevention. Container line Maersk was hit and it affected operations for weeks, eventually costing the company close to $300 million in losses. FedEx’s TNT subsidiary was also hit in 2017. The eventual cost? At least $300 million.
Those are large company examples that you would expect to have had some level of security, and yet they still fell victim. If you are a smaller company – be it a carrier, owner-operator, broker or shipper - are you really safe? A single cyberattack could be substantial enough to shut down your business – for good.
If you think that you are not a potential target, think again. According to Verizon, 61% of cyber victims are small businesses. Whether you run a one-truck operation or a small fleet, your vehicles are likely a connected device and a potential hacking point. You may not think of it, but you also are collecting customer data, often times through innocuous interactions such as email exchanges over loads. These exchanges may include identifying documents or documents with billing or account information.
While you may think you are protected, how many times have you logged onto your tablet or laptop at a truck stop or any other location to use public WiFi? If you have, you could have exposed your data to thieves.
Malware is one type of cyberattack, but not the only kind. There are also advanced persistent threats, distributed denial of service, inside attack, password attacks, phishing, ransomware, and zero day attacks to name a few. You can read more about these different types of attacks here.
As a small business, you probably don’t have the resources to protect yourself like larger companies do, which is why cyber criminals target so many small businesses, so what can you do?
Cobb advised implementing an automatic data backup solution so that if you do get hacked, you can retrieve your data. This can be important if you are a victim of a ransomware attack where the attacker demands payment for release of your computer. Often, experts say, even if you pay the ransom, you will not get back the computer or your data will already have been stolen. Having a backup of data ensures you will retrieve what you need.
Second, Cobb said, is to deploy encryption software to protect data, and finally, utilize two-step authentication processes for internal programs.
You can also set up a firewall, which comes with most major operating systems these days.
If you are not sure how to go about protecting yourself, or before deploying solutions want to ensure you are spending your money wisely, the Small Business Association has an online, self-paced training program focused on securing information for small businesses. The course, which lasts about 30 minutes, explains the importance of securing information through best cybersecurity practices; identifies the types of information that should be secured; identifies the types of cyber threats; defines risk management; and lists best practices for guarding against cyber threats.
Finally, you can turn to insurance. Most insurance providers today offer some form of cyber insurance, and pricing and coverages are designed to fit the budgets of all business sizes. While insurance won’t stop you from becoming a victim, it might prevent the financial ruin that could follow.
Whether you are a single-truck operation, small fleet, one of the largest fleets in the country, broker or shipper, if you do any business on a computer – and who doesn’t today – you and your data is at risk, meaning prevention should be a top-of-mind concern.