Omnitracs' Road Ahead blog

Security first: 3 ways to keep your cabs and company safe from malware

Sharon Reynolds
Chief Information Security Officer

Harmful third-parties attempting to gain access to your sensitive data seems like something out of a heist movie. But ransomware — or phishing — can be launched against anyone, in any industry. In fact, in 2017, logistics company Maersk fell victim to the NotPetya ransomware attack that caused significant damage and $250 to 300 million in losses.

The problem continues to plague large companies, small fleets, and owner-operators in the transportation and logistics industry. With today’s vehicles having a higher level of connectivity, hackers are designing emails to look like they’ve originated from legitimate transportation-related websites and applications. Remember, paying out isn’t the best defense against ransomware; we need to be proactive against hackers rather than reactive.


Everyone has a part to play when ensuring security

Large to small fleets can create a role dedicated to security that will establish an incident response plan, detailing what phishing emails may look like, what to look out for, and what to do and who to contact after opening a potential phishing email.

Owner-operators can hire an outside resource to establish their incident response plan and have them check in periodically to ensure continued security.

Drivers and back-office staff members can act as human firewalls against malware. To prevent dangerous cybersecurity threats, drivers can bring the same safety-first mindset they have on the road to their online behaviors.


Here are three things you can do today to keep data secure across your entire operation

     •    See something, say something: If you see a suspicious email, report it. By alerting your team, you can stop others from falling victim to the same attack.

     •    Stop, think, act: Before opening an email link, assess if it’s safe by confirming the identity of the sender and checking the URL.

     •    Know the warning signs: Typical attacks have odd “from” addresses and generic greetings —be on the lookout for misspelled words, incorrect email domains, and a request to open a link almost immediately with little detail.


When receiving emails with links or attachments, ask yourself:

“Do I expect an email from this person?”

“Can I confirm that this person sent this email to me by calling or messaging them?”

“Does the email attempt to provoke any of the following emotions:

          Greed: dangle a financial reward if you click or enter your login information,

          Urgency: provides a strict deadline or attempt to fluster a response,

          Curiosity: promise of showing something exciting, interesting or forbidden

          Fear: threaten with negative consequences or punishment?”


If you see a suspicious email from a possible broker or transportation-related website, read all information thoroughly and – if available – contact your security professional or IT department to determine the risk. Remember, be suspicious first and don’t click any links until you’re sure.

For more insights, take a look at my last post From visible to invisible threats: How the trucking industry is navigating the cybersecurity landscape.

And if you, a team member, or someone else you know is interested in getting more involved in ensuring security, check out the annual Cyber Truck Challenge, where engineers and industry professionals test truck technology by trying to hack their systems.