Maintaining cyber security awareness is something that many companies struggle to maintain, particularly in the logistics and transportation sectors. Even though cyber crime poses an existential threat to these industries, awareness of threats like phishing attempts and ransomware remains low.
As a critical infrastructure sector, the transportation sector is a critical component in the supply chain and a vital component of the economy. A cyber event that affects this sector’s operations would also impact every organization that relies on transportation and logistics to operate.
The 2020 Phishing Benchmark Global report revealed that the transportation sector is woefully underprepared to combat modern phishing threats, with the sector having an above-average phishing email click rate of 24.7%. The transportation sector also had the second-highest number of phishing web-form completion rates, with 17.5% of users submitting their password to a phishing website.
Employees also admit they unsure how to stay safe online, with approximately 55% of logistics employees feeling ill-equipped to identify or handle a significant cyber-attack.
The data shows that the ability to recognize threats remains poor among employees in the transportation sector, suggesting that stronger security awareness training is needed to bring employees up to speed on the latest threats. This article will examine the most significant cyber security challenge facing the logistics sector and how to leverage training opportunities.
The Challenge: Training Remote Employees on Cyber Security Best Practices
One of the main reasons for the low level of cyber security awareness toward phishing threats is that logistics and transportation companies have a high reliance on contractors or remote workers focused on maintaining operations and are distributed across multiple locations.
Managing a large and distributed workforce makes it difficult to ensure that employees and contractors follow cyber security awareness activities and apply proper cyber security procedures at any location and every time. IT security departments also have little control over employees’ training activities when the primary goals are to maintain business operations with minimal interruptions.
For example, it’s difficult for a shipping company to train and verify that remote workers follow essential cyber security best practices like using a VPN to encrypt traffic or verify emails before they click for malicious links.
Training such users can also be a challenge since employees and contractors aren’t necessarily at their desks all the time. Less time at their desks means less time to complete training materials. For most shipping companies, the solution is about developing a lean security awareness program that provides unique support for CISOs, IT security leaders and users to enhance overall organizational awareness.
How Shipping Organizations Can Increase Security Awareness: Tips for CISOs
There are several things that CISOs can do to increase security awareness among a distributed workforce:
1. Identify high-risk employees
Identify high-risk employees to pinpoint users who are vulnerable to cyber-attacks so that you can provide them with relevant training, educational materials, and phishing simulations to educate them about new threats and assess their overall knowledge of online threats.
2. Remind employees to select strong passwords
Issue employees and contractors with regular reminders to select strong passwords and encourage them to protect their devices from hackers trying to steal their data. Include tips as part of a regular reminder email to ensure employees know what makes a strong password.
3. Create BYOD policies and support them with online training sessions
Define clear BYOD policies to let employees know what security measures they need to follow to protect their devices when using them for work. To compliment your BYOD policy, you can provide training sessions detailing how to protect mobile devices and laptops from cyber criminals.
4. Use online training sessions
Provide access to online training resources such as courses, tutorials, videos, or virtual instructor-led training, to educate employees on cyber threats and remote working best practices. Our Working From Home Cyber Safely Kit is a comprehensive toolset you can use to bring employees up to speed quickly.
5. Send Out regular email newsletters
Produce regular email newsletters on the latest phishing and social engineering threats to keep cyber threats top of mind for employees and increase the likelihood of detecting actual cyber-attacks.
6. Limit network access
Restrict network access to users who have completed security awareness training and demonstrated a strong awareness of online threats. Preventing users from accessing your network or susceptible systems until they have completed security awareness training will lower the chance of problematic behavior leading to a data breach.
How Employees Can Stay Safe When Working from Home: Tips for Users
Staying safe while working from home comes down to awareness. Fortunately, there are some key steps users can take to protect critical systems and sensitive information when working from home:
1. Don't click on or respond to emails from unknown senders
Be suspicious of any emails you receive from unknown senders, as many seemingly legitimate emails include malicious links to phishing websites or malware attachments. If you open an email from an unknown sender by mistake, never click on any unexpected links or open attachments.
2. Select strong passwords
Create strong passwords with a mixture of uppercase and lowercase letters, numbers, and symbols with non-dictionary words will make it much harder for cyber attackers to guess your login credentials. Use a unique password for each system and never share them with anyone.
3. Encrypt your network connection with a VPN
When working from home, use a VPN to encrypt your network traffic so that a hacker can't eavesdrop. Transmitting unencrypted files or data raises the risk of someone snooping on your activity. Never share your multi-factor authentication codes and avoid connecting to the company network via unsecured public Wi-Fi.
4. Speak up if you notice anything unusual
If you notice any suspicious activity on your network or receive an email you think might be a scam, notify your organization immediately so that they are aware of the issue. Raising the alarm when you notice suspicious activity will enable your organization to respond and potentially mitigate some of the damage.
5. Ensure all Applications, Devices and Software are Kept Up-to-date
Regularly update all devices, applications, and software you use for work to avoid leaving system vulnerabilities exposed that hackers could use to steal your data. It's also important to incorporate other security measures like firewalls, malware protection, and anti-spam software to mitigate other vulnerabilities.
6. Engage with security awareness training
If your company has security awareness training, try to invest some time each month to read up on the latest threats or complete phishing awareness activities. Active engagement in the training program will increase your knowledge and reduce the chance of putting your company's and personal data at risk.
Recap
While the logistics and transportation industries may have limited cyber security resources, security awareness training can transform the industry as a whole. Providing accessible training materials and phishing simulations to users will ensure they know how to protect their own devices and fend off modern cyber criminals whenever they confront them.
Cyber Security Hub : Access Exclusive Cyber Security Content
Take advantage of the free Cyber Security Hub – it is your one-stop cyber security awareness and knowledge center with one-click access to our Strong Password Kit, COVID-19 Kit, Work From Home Kit, Phishing Kit and more.