Thursday, April 16, 2020

Typical Shipping Executives and Logistics Managers Might Wish to Take Some Expert Advice

It's Sometimes Hard to Acknowledge Younger Colleagues Know More About Cyber Security
Shipping News Feature

UK – WORLDWIDE – Anyone who has attended a major logistics event, a shipping conference, a commercial vehicle trade show etc. will be familiar with the typical attendee, and for all the lip service to gender and age equalisation a police sketch of the type would doubtless result in a middle aged, possibly balding, white male.

Now with all due consideration for the argument of wisdom coming from age and experience, even the most bigoted shipping executive would be forced to admit that, when it comes to computer literacy, his (or just possibly her) knowledge will fall short of that of younger, more internet savvy colleagues.

And therein lies a huge danger, with Covid-19 forcing many to work from home, a practice which may well have permanent implications for jobs in the future, all companies need to rethink their approach to cyber security. What of course makes this even more complex is that every case is individual, a vast array of devices are now involved in maintaining the business, now linked via another quantity of miscellaneous broadband and WiFi suppliers using home networks.

Our typical shipping executive will flounder in such a scenario and needs to learn very quickly how best to protect both business, and staff, from the possibility of outside agency interference. This month Mollie Payne (who incidentally looks nothing like a middle aged, balding shipping exec), Customer Success Manager at Senseon the cyber security experts, has written a piece which gives some very sound advice on how to protect a business from the hackers.

The original article can be read here but a précis of some of what needs to be done follows together with some additions of our own.

Allowing the employees of an organisation to use their own computers, smartphones, or other devices for work purposes is known as BYOD. Most devices other than laptops lack decent security and can provide a gateway into a system. It may be cheaper to supply a laptop with reliable security for use at home rather than risk infection.

Staff need to be aware of the risks, a sensible formal explanation and written policy of what they could be exposed to may make them think twice before installing that browser plugin or clicking a malicious link. When talking to each other secure collaboration tools, such as Slack and Google Hangouts are convenient and secure ways for teams to communicate. Where possible ensure collaboration tools offer end-to-end encryption and store data privately.

Encourage staff not to install their own virtual private network (VPN) software. There are many examples of malware masquerading as free VPN software. Once again it may be more advisable to pay for a reliable source. Organisations with VPN capabilities already in place may wish to review whether they can support the increase in data consumption that mass working from home would bring. Otherwise, they could risk very slow connections or a loss of connection entirely which could impact the performance of the whole workforce.

Connections to the internet mean once again an element of formal instruction. No public WiFi, that’s a no-no, however Mollie Payne says a 4G or 5G connection is a much better option but obviously there could be a cost factor based on internet use and contract terms. As far as anti-virus software is concerned again always go for a reliable name, anti-virus can only detect threats based on previously seen attacks. Make sure all devices leaving the office have anti-virus installed or, where already in place, that they are updated.

An often overlooked consideration, devices carrying sensitive information outside of the corporate network should have encrypted disks. Workstations remaining in the office unattended should also have their disks encrypted, you wouldn’t leave all your client files put our on a desk for the cleaner to look at would you?

Mollie Payne suggests power down on site any unused hardware and ensure everything is encrypted by default (might be an ideal time to clean those screens and computers, especially as we are in the middle of a pandemic). And above all, change those passwords regularly and employ two factor authentication (2FA) where possible.