The Coronavirus disease (COVID-19) added fuel to the seasonal cargo theft fire. However, the pandemic is also driving a spike in ransomware.
Ransomware attacks have spiked 715% year-over-year—just as data backup and security experts predicted.
This skyrocketing cybercrime could not only bring transportation businesses to their knees, but it could also hold devastating consequences for COVID-19 vaccine distribution.
Here’s some vulnerabilities and leverage points:
- Many folks are working remotely, therefore data backup and security practices may not be as robust as they are at the office.
- Businesses often underfund data backup, security and disaster recovery, and transportation businesses are no exception.
- Strained by a once in a 100-year pandemic, people are tired, overwhelmed and more likely to click a link or download a file from a source that if rested and focused might give pause.
- There is intense pressure to rapidly distribute the COVID-19 vaccine.
And, cybercriminals see it, too.
Worse yet, according to a New York Times article on recent attacks, “...some cybersecurity experts say they suspect something more nefarious—efforts to interfere with the distribution, or ransomware, in which the vaccines would be essentially held hostage by hackers who have gotten into the system that runs the distribution network and locked it up and who demand a large payment to unlock it.”
Of course, your transportation business doesn’t need to play a role in COVID-19 vaccine distribution to be a target.
So, how can you protect your business against the ransomware threat?
First, it’s important to understand that data security solutions cannot prevent all ransomware attacks. That’s why taking a robust, three-pronged approach to protecting your business-critical systems, applications and data is crucial.
That means investing not just in data security, but also in end-user training, data backup and disaster recovery.
Be sure to ask these questions of your company:
- Have your prime cybercrime targets—business leaders—received ransomware training, and are they regularly communicating the importance of vigilance across the company?
- Is your company regularly conducting ransomware awareness training sessions and phishing simulation testing our team?
- Are you immediately updating software and implementing security patches?
- Are you restricting access to systems and data to only those who absolutely need it?
- Has your IT team or managed service provider implemented a 3-2-1 backup strategy? And, do you maintain three copies of data on two different types of media, one of which is stored off-site for disaster recovery?
- Does your business have a ransomware crisis plan in place, and did its planning extend beyond the IT team to also include cross-department leadership, including customer service and communications?
- Does your IT team regularly test the recoverability of systems, applications and data?
- Are you performing tabletop exercises to ensure your company is prepared, and to ensure you’ve identified any unknown vulnerabilities?
How can you avoid personally opening the door to cybercriminals?
It’s not always easy. Cybercriminals have grown increasingly sophisticated—they’re leveraging social engineering and expertly spoofing businesses we trust. And, it makes those urgent emails and web offers nearly irresistible.
That’s why, you should:
- Remain suspicious of unsolicited requests for your personal data, whether you receive them by call, text or email.
- Independently verify data requests by placing a direct call to the business using the contact information on its website—never the contact information provided in the message you received.
- Don’t click links or download files from sources you don’t know and trust.
- Don’t share personal or financial data via email, and don’t click links that request this information.
- Confirm the website you’re visiting is secure before sharing sensitive data (just look for the closed padlock icon and the HTTPS security protocol).
- Look closely at email addresses and URLs for the slight spelling or punctuation changes that signal a source has been spoofed (e.g. firstname.lastname@example.org vs. email@example.com).
- Be wary of generic email greetings from people you know (if something feels off, it probably is).
- Similarly, be vigilant of data and financial requests from folks who wouldn’t ordinarily make such requests of you, but who you’d be inclined to immediately service (perhaps that’s your CEO or an executive-level partner you’ve never met).
- Never use a flash drive that’s not your own or from a trusted source.
Ransomware is the quintessential example of prevention being worth a pound of cure. So, stay vigilant. We’re all in this together—and together we can keep the wheels turning.