Physical safety and security is top of mind for trucking fleets big and small, but when it comes to securing data, are fleets taking enough precautions?

There are many myths in the industry that make some fleet managers believe that they don’t need to have an active role in cybersecurity, according to Cory Staheli, chief information officer of Washington-based Trans-System — the parent company of three fleets representing more than 1,000 trucks.

One such myth is that a fleet is too small to be a target. 

However, small companies are the “prime target” for being hacked, he said. About 76% of cyberattacks are on businesses with fewer than 100 total employees. If a small company has a large hack, it’s likely to go out of business in just a few months. “They’re not survivable events."

Fleets have all sorts of data that sophisticated hackers want, such as email passwords and account information. If there’s a breach, hackers can target payroll departments to request paychecks be deposited in different bank accounts, initiate executive payments and money transfers, and phish customers to misdirect payments. 

Staheli shared several best practices for effective cybersecurity during a presentation at The Machinery Haulers Association’s 2021 Safety and Security Conference in Lake Geneva, Wisconsin, on Sept. 9. Here are three easy ways to boost your fleet’s data security.

1. Practice Good Password Hygiene

Require all employees to create and use long, 16-digit passwords for all computer systems and their email accounts. Long passwords, with special characters and capitalizations, can take sophisticated hackers millions of years to crack. 

Frequently changing passwords, which is a common recommendation, is an ineffective practice, Staheli said. Requiring employees to change their passwords every 90 days, for example, can lead to other security issues. As password variations become harder to remember and keep track of, employees will often write them down or save them in their emails. Instead of changing expiring passwords, only require password changes if you believe an account has been compromised.

Staheli recommended creating a password that is in sentence form, with simple capitalization and punctuation. This will be easy to remember, but also harder for hackers to crack.

2. Use Multi-Factor Authentication

Enable multi-factor authentication on all systems. Multi-factor authentication requires users to provide two or more pieces of evidence to verify their identity in order to gain access to a system.

Staheli gave Microsoft Authenticator as an example of one such software provider.

3. Filter Emails

“Email is a really important part of your identify,” Staheli explained. “Email is a gateway because it’s the key to most password resets. If they can get into your email account, then they can go to every single website and select ‘Forgot Password.’” The more you can do to prevent email phishing from coming into your organization the better you are, he added.

Staheli recommends using an email filtering solution (Mimecast is one example) and taking time to educate employees on how to spot fraudulent emails.

Trans-System is the parent company of flatbed trucking company System Transport; refrigerated and heavy-haul trucking company TWT Refrigerated Service; and dry and liquid bulk transportation company James J. Williams Bulk Service Transport.