WHAT CAN I DO TO PROTECT MY COMPANY FROM CYBERATTACKS?
Protecting your company against cyberattacks is one area of your risk management strategy that cannot be overlooked. According to StealthLabs, “A cybersecurity threat is a malicious and deliberate attack by an individual or organization to gain unauthorized access to another individual’s or organization’s network to damage, disrupt, or steal IT assets, computer networks, intellectual property, or any other form of sensitive data.” Examples of cybersecurity threats facing motor carriers include phishing, malware, and ransomware through email, cell phones, Wi-Fi, USB, and Bluetooth connections. Even electronic logging devices are vulnerable due to their connectivity to law enforcement, vendors, etc. To help protect your company from cyberattacks, here is a brief list of actions to consider.
EMPLOYEE TRAINING AND ACCOUNTABILITY
Employees are targeted heavily by cybercriminals, and it only takes one bad click or slip of the tongue to open the door to thieves. Conduct cybersecurity awareness training with employees to help educate them on the importance of this risk and the recognition of and response to potential threats. Also, do not allow employees to use company computers for personal business or surfing the web.
Establish a schedule to back up data from computers and servers to a portable or cloud-based storage. To increase protection, use strong encryption methods and multi-factor authentication.
Encrypt and secure your company website with a secure sockets layer (SSL) certificate. Your website’s URL should have ‘https’ in front of it to show users it is secure. Failing to do this can deter applicants who may be reluctant to share personal information on an insecure website.
Three common mistakes computer users make regarding passwords are making them too short, not changing them regularly, and using the same password for every online account. Using a passphrase that is unique and contains unrelated words is a good start. Also, the passphrase should consist of at least 14 characters and include a combination of upper- and lower-case letters, numbers, and special characters.
For additional information on how to protect your business against cyberattacks, go to the Federal Communications Commission website (https://www.fcc.gov/general/ cybersecurity-small-business) and download the “Cybersecurity Tip Sheet.”
CALL TO ACTION
• Train all employees on cyber-security threats.
• Hire a cybersecurity firm to assess your company's vulnerability to cyberattack.
• Develop a company information security policy.
• Implement data security, backup, and recovery protocols.
The information in this article is provided as a courtesy of Great West Casualty Company and is part of the Value-Driven® Company program. Value-Driven Company was created to help educate and inform insureds so they can make better decisions, build a culture that values safety, and manage risk more effectively. To see what additional resources Great West Casualty Company can provide for its insureds, please contact your safety representative, or click below to find an agent.
© Great West Casualty Company 2021. The material in this publication is the property of Great West Casualty Company unless otherwise noted and may not be reproduced without its written consent by any person other than a current insured of Great West Casualty Company for business purposes. Insured should attribute use as follows: “© Great West Casualty Company 2020. Used with permission by Great West Casualty Company.”
This material is intended to be a broad overview of the subject matter and is provided for informational purposes only. Great West Casualty Company does not provide legal advice to its insureds, nor does it advise insureds on employment-related issues. Therefore, the subject matter is not intended to serve as legal or employment advice for any issue(s) that may arise in the operations of its insureds. Legal advice should always be sought from the insured’s legal counsel. Great West Casualty Company shall have neither liability nor responsibility to any person or entity with respect to any loss, action, or inaction alleged to be caused directly or indirectly as a result of the information contained herein.