Cybersecurity 101 is a new monthly series on Overdrive intended to help owner-operators and small fleets navigate the growing risks of cybersecurity threats, identity theft, online scams and more. In this installment, Sandip Patel, director of information security for Truckstop.com, presents best practices for avoiding malware attacks and, thus, protecting your data and your bank accounts from hackers.
Thinking your one-truck business is too small to be targeted by hackers and malware is a recipe for disaster. Educating yourself on the latest threats and taking steps to protect yourself will drastically reduce your chances of becoming a target and having your information compromised.
Malware includes a broad spectrum of malicious software programs, like viruses, ransomware and spyware. Because it’s so prevalent, malware sometimes gets dismissed as more of a nuisance. Yet for those who manage their own business, like owner-operators, malware has the potential to completely ruin a company that isn’t equipped to handle it.
Cybersecurity is a multi-billion-dollar-a-year industry, and no business or person is invulnerable to cyber attacks. Here are some basic steps to take in protecting your data — and your bank accounts.
Be wary of strange emails and calls. This is a big one for the transportation sector. A recent report found that phishing attacks, which includes someone impersonating friends or family, accounted for more than a quarter of total threats detected in the fourth quarter of 2019. Phishing attacks use so-called “social engineering” to try to get you to click a fraudulent link or to provide personal information, such as bank account numbers or login information.
Social engineering can be disguised as an email that looks like it’s coming from your bank, a tech support team, the government or even a social media post. It can also come as a text or phone call.
Always be wary of cold calls since criminals can pose as representing any organization. If a call seems suspicious, hang up and call the entity the caller allegedly represented. And never transmit personal information via text, especially things like credit card or social security numbers.
With email, look for red flags. Some are obvious, such as weird sentence structure or line breaks, unprofessional language, misspelled words, etc. Check the sender’s email address. Does the domain name, for example, microsoft.com, match that of the actual company the sender claims to be with? Before clicking a hyperlink in an email, hover over the link to check the URL. Does it look legit?
Also, be sure you are familiar with the typical methods of communication for the organizations you regularly work with (IRS, banks, software vendors, etc.). Some entities have policies that they never ask online for passwords or certain other information. When in doubt, call the organization directly to verify.
Use strong passwords and avoid public WiFi. Following a few simple tactics will actually help you avoid the majority of online attacks. Always use strong, complex passwords and/or a password manager. To be strong, passwords should be unique, not written down and changed often. Also, they shouldn’t be tied to personal information, such as your address or middle name, that could be easily found online. If you have lots of different logins, consider a password manager or authentication key fob that collects, remembers and encrypts passwords.
When you’re on the road, never use public WiFi and always make sure you’re using a secure connection. Check for a padlock icon to the left of the URL. No padlock means the site isn’t secure. A URL should begin with “https” (the “s” meaning secure), not just “http.” Finally, if you’ve been logged into an account (business, personal, or other), always log out when you’re done, especially if you’re using a public computer.
Update your software. One of the simplest ways to protect your business against malware (specifically “exploit kits” that take advantage of vulnerabilities on your computer) is to make sure your operating system, browsers and plugins are up to date. This typically doesn’t cost a dime and is as simple as checking for security updates.
If you see an update for any systems, install them as soon as possible. Similarly, if there is there is old, unused software on your computer, remove it. Once a computer program or operating system reaches its end of life, its maker stops providing support. Cybercriminals frequently use old programs as a back door into your systems.