Protecting data should be a top priority for all fleet organizations
While the world stayed home, techies had time to invent new ways to disrupt businesses and now phishing, ransomware, attack vectors and other cyber threats abound.
In an increasingly connected world, the security of data is paramount, and this is very true for fleet data.
Assessing risk
Organizations need to assess risk exposures and take reasonable action to protect data as a security breach can result in significant financial loss and disruption of operations.
Organizations need to be proactive and develop detailed policies and procedures around data security before a breach occurs.
What is the threat? According to IT Governance, the five most common cyber-attacks are:
- Phishing
- Accounts for approximately 1/3 of cyber-attacks.
- The hacker tries to trick the user into opening a link, downloading an infected attachment or providing confidential information.
- Ransomware
- Involve actual threats to deny access to files or to divulge personal information until a ransom is paid.
- Denial of Service Attacks (DoS)
- Can be revenge against a particular organization or a distraction to divert attention from other types of attack.
- Involves overwhelming the company’s website with requests so they cannot handle their normal customer traffic.
- Viruses
- Type of malicious code or program written to alter the way a computer operates.
- It can be built to spread between computers by opening an infected attachment or plugging in external devices.
- Attack Vectors
- Used to gain access to a computer or network in order to infect it with malware.
- This can be done by visiting an infected web page, software vulnerabilities or SQL attacks.
Three main goals
What is a company to do? In designing an approach to data security, organizations should seek to achieve three main goals—keep the data confidential, preserve data integrity, and ensure the data remains available for use as required.
Data confidentiality means that only the ‘need to know’ people can access protected information. This involves having proper identity checks and passwords to restrict access to protected information and it applies to internal employees as well as external threats.
The preservation of data integrity is equally important as it involves protecting the data from intentional or accidental changes. This can be achieved through targeted access levels (read-only, edit, etc) and regular data reviews.
Data needs to be available for the purpose it was collected. To ensure availability for authorized use, it needs to be protected from threats such as natural disasters or attacks.
Solutions that ensure data is confidential, accurate and available include the following:
- Make data protection a part of your disaster response and recovery plans.
- Restrict access and access levels to those who need it.
- Have plans to regularly test the security of your systems.
- Enlist encryption programs to store and send data.
Proven measures
Risks cannot be eliminated, but they can be reduced by implementing security measures designed to preserve and protect your data.
Some measures that have proven effective in protecting data include:
- Develop the network with security in mind from the start. Employ routers, firewalls and intrusion detection systems to thwart attacks.
- Hire monitors to regularly monitor traffic on the network and search for anomalies.
- Follow all regulatory requirements for data security and privacy.
- Educate employees in security protocols.
- Grant access to data on an ”as required” basis.
- Have automatic shut-off procedures to use when breaches are discovered to prevent further damage.
- Test system effectiveness. Try to break your system and implement improvements to the existing security.
There is definitely a lot that organizations can do to protect data, but the measures put in place are only as effective as the weakest link. Often that link is employee behaviour. Training employees to be suspicious and prioritize security can help.
Some important tips for employees include:
- Use multi-factor or biogenic authentication for protected information.
- Follow strict policies for creating, protecting and changing passwords.
- Use the latest security software and ensure all updates are made on a timely basis.
- Back up data often and ensure back-ups have the same level of protection as the primary source.
Implementing a comprehensive data protection strategy can avoid costly breaches and keep fleet operations on the road.
Kate Vigneau is Director (Fleet and Canada) for Matrix Consulting Group, providing fleet and other government consulting services to organizations internationally.