What this guide covers:
Cybersecurity is a buzzword across industries. And for organizations that use maintenance software, it’s no different. There’s no denying that more and more, we are living lives that take place online. Our name, photos, email, address, credit cards, even our taxes and banking are stored in cyberspace. Our personal information exists online now, and there’s no way around that.
In an era of data leaks, there’s never been a better moment to understand how to secure your personal, organizational, and customer data. While there is no silver bullet to avoid becoming the target of a cyber attack, there are many best practices to reduce your risk or lessen the impact of attacks that might occur.
This article will take a sharp focus on cybersecurity for people working within a maintenance department, but we’ll cover tips that are useful for anyone regardless of title or industry. We’ll also cover safe use practices for email, social networks, mobile devices and more. Read on for some useful cybersecurity tips and best practices.
Types of cyber attacks
According to the Transportation Security Administration, there are two categories of cyber attacks and cyber intrusions: cyber attack (CA) or cyber espionage (CE).
Cyber Attack (CA)
- Any actions direction against computers, information systems, networks and/or data stores to disrupt, damage, or destroy them
- Malware that may delete, altar, corrupt, disrupt, or destroy data, files, or networks
Cyber Espionage (CE)
- Actions taken in cyberspace intended to covertly acquire information or access from an attack
- Malware that transfers data and hides itself and its activities
- Persistent, discreet access to a network
What is cybersecurity for maintenance teams?
Cybersecurity refers to any efforts or action to secure and protect critical information by preventing, detecting, and responding to cyber attacks. Cyber attacks usually aim to access, change, or destroy sensitive information; extort money from users; or interrupt normal business processes.
It can involve taking action to address known vulnerabilities in your software or operating system or shortcomings in your security practices such as weak passwords. The field of cybersecurity is constantly growing as new types of technology and therefore vulnerabilities are introduced to our systems. That’s why it’s critical to stay informed on best practices promoted by governments, industry leaders, and your organization’s security policies.
✔️ Set strong passwords, and update them regularly. Don’t share passwords with anyone. If you tend to have difficulties recalling your passwords, as many of us do, consider a trusted password-managing app like 1Password or Dashlane.
✔️ Keep software, browsers, and operating systems up to date with the latest security patches. When your devices are not up-to-date, you leave vulnerabilities open to attackers.
✔️ Get comfortable using privacy settings, rejecting cookies, and limiting the amount of personal info you share online.
✔️ Backup your data. While having backups doesn’t prevent attacks, it certainly can lessen their negative impact.
✔️ Participate in regular security training to stay up-to-date on the latest developments and best practices
✔️ Do not access your company’s systems from public networks. Access them only through trusted and safe networks.
✔️ Do not share any devices used to access company resources with another person, including family members.
✔️ Never access your company’s systems from public computers (e.g., from a business center, hotel, etc.) except in emergency situations. Make sure to log out of the session and don’t save anything. Don’t check “remember me”, collect all printed materials and do not download files
✔️ Ensure your organization has an access control policy to limit access to information, information processing systems, and networks. Make sure to periodically review and update your security policies.
Protect your devices
Keep a clean machine
Ensure you stay updated across the systems and apps you use to web browsers and your software OS. Update all network, internet, and OS patches related to security. Staying up-to-date is an important step to better cybersecurity as many updates are designed to patch known vulnerabilities. Make sure all devices you use have antivirus tools and ensure they stay up-to-date. Any device that connects to the internet from tablets, to computers, to gaming consoles should have the latest version of a trusted anti-virus tool installed. Also, ensure that a secure, up-to-date firewall client software is configured on your device before connecting to any outside network.
USBs are largely becoming obsolete in favor of cloud-based file transfer methods. A big reason for this is that any USB key can be infected with malware.
Block scripting on email and browsers
Configure your browser to block active content like ActiveX, Java, scripting, popups, and other harmful content. A common feature on all the major email clients is to disable scripting and block images until they are downloaded by the user.
Be vigilant with downloading anything off the web
Website’s by and large should not prompt downloads via popups. Hackers can come up with clever ways to legitimize download requests, so be wary when downloading anything from an email or website that you do not know and trust.
Read privacy agreements
I already know this tip is going to be popular! 😉 When downloading a tool from the web, how many times do we scroll through without reading a privacy agreement? But, critical information about how your data is stored and monitored is contained in these documents, and shouldn’t be taken lightly.
Avoid clicking without reading
When installing software, read all instructions and look out for default options prompting your computer to install additional software. This can be a particularly clever way to tack on malware to an otherwise trusted tool.
Audit the security of your software vendors
Ask your fleet management software provider about their cybersecurity best practices. Ask them if they have a third-party service organization controls (SOC) report to prove they follow best practices. Inquire about the types of penetration tests that have been conducted on their products. Ask them if they have tested for the OWASP Top 10 security risks. And, understand what kind of training their team is provided to ensure they understand the safe use of certificates and keys. An important action you can take is to ensure you read and understand your vendor’s privacy policies and verify that you understand how your personal and organizational data is handled and stored. Lastly, use a security rating tool such as BitSight or Upguard to assess the cybersecurity of vendors.
Do not leave unlocked devices unattended
Leaving a device unlocked and unattended is like leaving a vehicle with a door open and the keys in the ignition. Lock your devices using a strong pin. Set up your devices so that they automatically lock within a few minutes of non-use. Immediately report any suspected misuse, theft, or loss of a device immediately to your security or IT team. Consider using a cloud storage service that provides end-to-end encryption.
Read names, emails, and website info
Spoofing is a method used by cybercriminals to appear as another person or source of information. Sometimes a website or email can appear legitimate at first glance. Be careful with emails that appear to be written “On Behalf of” an individual, even if you know and trust the name. Another common type of spoofing may be using a fake email address or name that is very similar to a trusted co-worker, but with a slight change that can be missed without vigilance. Always check a link destination before clicking a link in an email. Do not forward any suspicious emails to your colleagues or IT team, instead if you need to notify your security team of a spoofing issue, take a screenshot of the email.
Use a VPN
A Virtual Private Network (VPN) connection is an important tool for remote workers to help employees remotely and securely connect to your business’ network. It creates a secure, encrypted tunnel between your computer and your corporate network. It keeps out any unencrypted traffic.
Disable wireless networking
If you’re not connecting to the Internet, turn off wireless networking. Unknowingly connecting to networks you do not trust can leave your device vulnerable.
Save backups of your data frequently so that you can roll back to an earlier version if your data is ever compromised, corrupted, or held ransom.
How to handle a cyberattack or cyber incident?
Reach out to your IT department
In case of a cyberattack, it is critical that you reach out to IT or system administrators immediately to get the right people informed and ready to take action.
Verify that the software is up-to-date
Ensure that all your devices with access to your network are updated to patch any vulnerabilities that could be present.
Disconnect from the internet
Doing this as quickly as possible can prevent bad actors from accessing your system.
Ensure your anti-virus software is up-to-date and complete a full scan
If there is an infection, your anti-virus should help you complete a system restore. Ensure your anti-virus software is configured to detect and prevent or quarantine malicious software, perform periodic system scans, and have automatic updates enabled.
Secure compromised data
If you are aware of any sensitive information that has been compromised, share details with your IT or system administrator.
File a report
If you experience a cybersecurity incident, report the incident right away. If you live in the US, it is also advised that you file a report with the Federal Bureau of Investigation’s Internet Crime Complaint Center. If you live in Canada you can report spam through the Government of Canada website.