Over the past few years, the risk of a cyber attack has become increasingly more common. Fleets in particular continue to grow in size and complexity, requiring a growing need for enhanced data security and privacy practices. Businesses deal with sensitive data that must be protected, including customer payment and personal information, proprietary business information, and employee information.
In a 2016 Fleet Solutions article, the magazine of National Association of Fleet Administrators (NAFA), the issue was raised that fleets store a great deal of valuable information digitally — routing plans, manifests, customer lists, logistical information, and more — that they would not want in the hands of outsiders.
“GPS-based fleet management and logistics applications are already being used to optimize productivity, routing, and dispatching,” ID Experts President Rick Kam told the magazine. “Every vehicle in a fleet is another endpoint to be secured.” The use of Telematics has become an integral part of fleet operations: Fleet managers will simply want to cover off on securing those entry points.
Kam points out that cyber attackers search for vulnerabilities, and that simple human error is often the way in. In addition to the standard reminders to avoid clicking on links in emails from an unknown sender (the method that hackers used to breach Target and Home Depot not so long ago), fleets should regularly remind all employees to be aware of how they use their computers, laptops, smartphones, and fleet cards.
Many security measures are mostly common sense, but an alarming number of companies and individuals don’t follow the basic rules. The 2022 Data Breach Investigation Report from Verizon Communications found that “82% of data breaches involved the human element, including social attacks, errors, and misuse.” Considering the hacking threat of sensitive and confidential information, fleet businesses should take additional precautions.
Identify private fleet data as a first step toward data security
To take action, the initial step towards data security involves recognizing the private and sensitive fleet data requiring protection. This includes any information that could potentially be exploited, such as personal or financial data that can be used in identity theft or financial fraud.
Furthermore, sensitive data could also contain proprietary information concerning your company’s operations, specific reports, or even details about client service needs.
To ensure maximum protection, create security practices that can be executed by all employees by default. Secure all data and implement additional measures to secure, monitor, and safeguard any sensitive or vulnerable fleet data.
Train drivers and employees on data security
It is important to create an internal approach for dealing with sensitive information, so all employees know the correct course of action to take when encountering a security breach. For a fleet business, this approach should be shared with drivers, fleet managers, and really anyone who has access to your internal data. It is important for all teams to understand company security measures and know how to keep customers and company data secure in their day-to-day operations.
9 tips to share with your staff to ensure your business is secure against cyber attacks:
- Limit the information you share - never give out passwords or security tokens.
- Do not use the same password for home and work accounts, or for multiple services.
- Change passwords regularly and do not write them down where others can find them.
- Keep routes and drivers safe: location can be a sensitive data point.
- Encrypt sensitive data. Since most fleets use mobile software and devices to communicate between the driver and the fleet manager, ensure mobile and fleet data can be encrypted end-to-end.
- Check network and tech stack cybersecurity. Confirm your network, servers, and all your enterprise software is working together and secure.
- Don’t ignore the prompts to update antivirus software, browser, and operating system software. They pop up at inconvenient times, but hitting “later” makes it easy to forget. Finish the task or tasks at hand and at the earliest convenient time, make the updates.
- When an employee leaves your company, remove their access to company records.
- Keep mobile devices and fuel cards secure. If a fuel card goes missing, cancel it immediately.
The threat is real. While security hacks at big box stores and large corporations make big news, one recent study showed that 71 percent of security breaches target small businesses. It can happen to anyone, and that means that security measures for computers, mobile devices, and fuel cards should become second nature, like locking the car door.
WEX is a leading, global fintech solutions provider, simplifying payments and back-end business processes in the fleet management, benefits management, and corporate and travel payments areas. To learn more, please visit our About WEX page.
Editorial note: This article was originally published on September 1, 2016, and has been updated for this publication.