Every 39 seconds, another company falls victim to a cyberattack.

According to the FBI, phishing attacks have increased 400% since early 2020, with companies reporting a record 500 million cyberattacks between January and September of 2021. Top targets for cybercriminals include government agencies, education, services, manufacturing and logistics.

A recent Deloitte report found 83% of organizations suffering from a data breach because hackers infiltrated weaknesses within the supply chain. With the average breach increasing from $3.86 million to $4.24 million in 2021, companies have realized the impact that cybercriminal activity can have on their bottom line.

Even a small data breach can lead to lost customers, reputation and profits. As the trucking industry focuses on digital transformation initiatives, companies must prioritize data security. Trucking is especially vulnerable to cyberattacks because it’s a high-dollar industry with large amounts of credit- and cash-based processes. Its IT infrastructure is often older or understaffed, presenting a popular target for phishing. Trucking companies must conduct due diligence when choosing a vendor to verify that its software protects and maintains data privacy.

Cybersecurity has become a core consideration for the trucking industry’s ecosystem. While operators need information to flow freely, the ability to strike a balance between openness of information and protection against cybercriminals poses a significant challenge.

By working with a third-party vendor that specializes in cybersecurity software, rather than opting to manage cybersecurity in-house, the trucking company benefits from the vendor’s in-depth knowledge of common threats, vulnerabilities and solutions. In such arrangements, however, the trucking company doesn’t always directly control credentials used by remote vendors. Multiple networks with different user directories — and, likely, different security policies — create another challenge for IT departments struggling to manage security compliance. Partnerships between third-party vendors and trucking companies should include clear communication about the vendors’ actions within the companies’ networks.

Finding the Best Vendor

Trucking companies have a few options to consider when they work with technology vendors. Following are some suggestions for avoiding missteps.

• Choose a third-party vendor with a credible, proven track record and strategic values aligned with yours.
• Understand the value of the third-party’s data before you grant access.
• Set and clearly communicate your organization’s security expectations to vendors, and specify how they should secure your data with a master service agreement (MSA) and statement of work (SOW).
• Develop and implement an incident response plan.
• Allow third-party vendors access only to the information and data they need to conduct their business.
• Use continuous security monitoring of all third-party vendors and any contractors with whom they conduct business.

Avoid mistakes that could leave your company vulnerable to potential security issues. For example, opting for a one-size-fits-all approach rarely works, nor does creating generic, blanket expectations for cybersecurity.

Conduct due diligence before granting third-party vendors access to data. Create a hierarchy specifying who’s authorized to access what data, or consider implementing a “need-to-know” strategy.

When vetting a fleet management software provider, ask:

• Where is the data hosted, and how is it protected?
• How easy and intuitive is the platform to use? 
• Is it simple to monitor compliance? Is it possible to customize and set permissions for administrator and user access?
• How do onboarding and training work? What’s the vendor process for onboarding the company and employees onto its platform? What does the timeline look like for the entire process to become operational?

All fleet management software utilizes a structured approach, but that doesn’t mean the structure aligns with an organization’s goals, minimizes risks or manages compliance requirements. Some third-party vendors’ platforms extend an app’s capabilities, granting employee access to the policy library or the ability to pull reports for compliance audits, and file or archive documents to maintain compliance.

A well-designed platform should also include:

• Centralized internal controls;
• Integrated governance, risk and compliance (GRC) support;
• Plenty of flexibility, with a customizable dashboard and reports;
• Risk management for drivers and insurance purposes;
• Scalable features;
• Support for future frameworks and standards, and
• Workflow automation.

Neutralizing Cyberattacks

You won’t always see a cyberattack coming, but working with a managed service provider with strong cybersecurity protocols adds another layer of protection from phishing. Trucking companies need a multifaceted approach to securing data and establishing solid security and response plans. Schedule regular plan reviews and stay updated on current scams, too.

Incorporate education on cybersecurity best practices, and train employees to identify suspicious e-mails and use good password hygiene. Require mandatory awareness via easily digestible microlearning increments, making the process interactive when practical.

To ensure that everyone accesses technology the same way, conduct updates on the same schedule, and doesn’t use unsecured devices. Use multifactor authentication whenever possible.

With companies updating legacy platforms and adopting enterprise cloud solutions, taking steps to secure sensitive data is paramount. Trucking companies that partner with a well-vetted, third-party managed service provider are more likely to successfully mitigate the threat of cyberattacks.

Daniel Gorziglia is vice president of engineering at fleet management software provider Maven.