Cyber Risks In The Shipping Industry

Bookmark and Share Over 90 percent of the world's trade is carried on ships. The shipping industry is essential for the global economy. It's also a prime target for cyber crime. Whether you work in the industry or are a consumer, understand the cyber risks in the shipping industry.

Piracy

Pirates today still commandeer ships in person, but they also use technology to compromise a ship. They can access its Automatic Identification System (AIS), Electronic Chart Display or Information System (ECDIS) then plan and execute a theft or hold containers for a ransom.

Smuggling

Drug, contraband or other smugglers can access the information system of a ship, shipping company or port. With this control, they can alter shipping records or containers and hide contraband or identify which container holds contraband.

Fraud

Cyber criminals are fraud experts. They can impersonate a company official, client or customer and gain access to sensitive information. They can also access a company's information system and introduce malware or ransomware, or they can divert, steal or alter shipments.

How to Combat Cyber Risks in the Shipping Industry

Maritime transport experts understand shipping and logistics, but they may not be IT experts. They will need training and professional assistance to navigate the cyber risks they face.

Take cyber risks seriously.

Greater reliance on technology and greater connectivity between industries increase cyber risks today. The shipping industry must take these risks seriously and plan for emerging threats and situations. Otherwise, they compromise their business, security and profitability. A cyber risk assessment gives companies personalized information on the specific cyber threats they face and then offers effective solutions.  

Improve protection and loss prevention measures.

Criminals usually target the victim with the most vulnerabilities. Improving security can make the company a less attractive target for cyber crime. It reduces security holes, protects information and establishes a protocol to deal with breaches.

Train employees.

As many as 51 percent of security breaches are performed by an insider in the company who may be vindictive or simply careless. In addition to a strict vetting process, companies can train employees to:

  • Handle data, including file disposal, properly.
  • Recognize fraudulent information requests or data breaches.
  • Protect key information with custody guidelines.
  • Perform strict digital monitoring.
Purchase Adequate Cyber Crime Insurance

Despite strict measures, some cyber risks cannot be prevented. Cyber crime insurance provides a layer of protection and decreases the adverse financial impact of a cyber crime.  

Secure the supply chain.

All suppliers and contractors should secure their information systems so it doesn't introduce malware or other cyber threats into connected systems.

Cyber risks related to shipping industry affect companies and consumers around the globe. Understanding the risks can improve security and protect the economy.
 

Downloading Software Safely

Bookmark and Share Getting new software for the office can be a trying process. Top quality programs like Photoshop can be prohibitively expensive for a small business when you need to outfit your whole office, and the free stuff is a bit of a crap shoot. Obviously, we have to recommend against pirating. Individuals using Sony Vegas or Adobe Illustrator without a license aren't really taking a huge risk, but releasing professional work with pirated software is a recipe for a lawsuit that will wind up costing you quite a bit more than the licensing fees would have.

But then, the free and cheap alternatives bring their own risks. Check out some people's Firefox and Google Chrome browsers and you'll see about an inch of browser space and twelve inches of search bars, task bars and plugins. This is a problem you encounter when you're not too picky about where you're getting your free software. The problem is that it's more or less legal to take any piece of open source software and add a ton of stuff to the install process that the user doesn't need. They don't even need to include viruses and adware if you're actually choosing to do the auto-install without deselecting all the bloatware that comes with it.

If you can get your free software directly from the official website, then that's always the best option. Unfortunately, sometimes the official website is long gone, in which case you will want to check some forums to see if anyone has posted a legit copy to a file sharing site.

A lot of torrents for pirated software carry viruses, spamware, adware and spybots, which is another reason why they can ultimately cost you in the long run. Getting a virus off of your laptop isn't such a big deal. Getting a virus off of every laptop in your office, and out of all the software you've been distributing yourself, that's another story.

If you see someone sharing freeware on social media, just don't click the link unless the post comes from a verified account. People love to spread infected shareware and freeware on Twitter, Facebook and Youtube.

Basically it comes down to doing your research and getting your software from as close to the source as possible. Keep your security software up to date, don't trust random links or Youtube spam, and don't just click on the first download you see.
 

Cyber Risks That Affect Consumer Drones

Bookmark and Share Drones are becoming more popular with consumers. Drone operation does include cyber risks you should understand before you operate your machine.

Remote Takeover

Most drones operate via a Wi-Fi or Bluetooth connection through your smartphone or tablet. The connection may not be secure, though. A hacker can jam, intercept or terminate the connection or GPS, take over your drone and steal it or crash it into something.

Malware

The computer or mobile device you use to operate your drone could become infected with malware. It can affect the connection to your drone and cause the machine to crash and potentially cause physical or property damage.

Access Photos or Videos

A camera attached to your drone can transmit stunning photos and videos from the air. These images are usually transmitted over an unsecured FTP server which a cyber attacker could access and share. This privacy breach is your responsibility.

Ways to Protect Your Drone

Protect your drone from cyber crime when you take several steps.

Ask the seller about their cybersecurity measures.

Most drone sellers include the machine's cybersecurity information on their website. If you can't find it, contact the company for additional information.

Test your drone's security.

Hire a cybersecurity professional to test your drone and ensure it's safe from cyber threats.

Connect to your drone via radio control.

Use a secure radio control connection since Wi-Fi and Bluetooth connections rely on unencrypted data links that are vulnerable to hackers.   

Subscribe to a VPN service.

A Virtual Private Network (VPN) encrypts your internet connection and protects it from hackers.

Install a seL4 operating system.

Equip your drone with new seL4 OS technology. This operating system isolates various functions on the drone, preventing a hacker from taking over your machine.

Install an anti-virus program.

Reduce viruses, malware and other threats when you install protective programs on your computer or mobile device. The most secure programs provide real-time antivirus and anti-theft protection.

Vary your flying habits.

When you fly your drone in the same flight paths and at the same time every day, you make yourself vulnerable to hackers. Instead, vary your flying habits and throw hackers off your trail. Consider flying in remote locations, too.

Purchase drone insurance.


A drone insurance policy provides you and your drone with important coverage. Look for a policy with:

  • Broad, legal and premises liability coverage
  • Personal injury and medical expenses
  • Hull coverage
  • Extra equipment coverage for any on-board cameras, tools and equipment
  • Invasion of privacy
Your drone is vulnerable to several cyber risks. Know the risks and how to stop them so you can enjoy your drone and keep it secure.
 

Preventing Cybercrimes

Bookmark and Share Legendary bank robber Willie Sutton supposedly said that he robbed banks because that was where the money was. Many small business owners follow this logic when it comes to computer system security.

They believe that people who rob with a mouse and a keyboard rather than a gun target large corporations, because those businesses have the most money. This leads them to the misguided belief that cybercriminals will not bother them. In fact, the NACHA - The Electronic Payments Association - reports that Eastern European criminal syndicates have targeted small businesses precisely because they have allowed themselves to become easy marks.

Experts in the field estimate that one in five small businesses do not use antivirus software, 60% do not encrypt data on their wireless networks, and two-thirds lack a data security plan. This failure to take precautions makes a small business easy pickings for computer hackers. However, there are several things business owners can do to protect themselves.

Use two-factor authentication. This is a mechanism that requires the user to do more than one thing for authentication. It ordinarily has two components -- one thing the user knows (such as a password), the other a randomly generated number that the user must input. The number comes from an electronic token card, which generates a new number every few seconds. If the user enters a number that the system is expecting, the system will authenticate the user.

Inoculate systems against the Clampi Trojan virus. This virus resides on a computer, waiting for the user to long onto financial websites. It captures log-in and password information, relays it to servers run by the criminals, instructs the computer to send money to accounts that they control, or steals credit card information and uses it to make unauthorized purchases. The trojan monitors more than 4,500 finance-related websites.

Be on guard against “phishing” e-mails and pop-up messages. These messages purport to be from legitimate businesses with which the recipient does business. They ask the user to update or verify information, often threatening negative consequences if she fails to do so. Clicking on the links in the messages brings the user to an authentic looking Web site. However, it is actually bogus; the site collects personal information that the collector can use to steal the user’s identity. System users should ignore these messages.

Arrange for financial institutions to alert the business owner should they spot unusual activity involving the firm’s accounts.

Install firewalls and encryption technology to block uninvited visitors from uploading to or retrieving data from the firm’s servers and to protect data sent on public networks. Intrusion detection systems can inform the business owner of attempts to hack into the network. Be cautious about opening attachments to e-mails, especially if the sender is someone unfamiliar to the user. Attachments may contain viruses or Trojan horses that can steal login information and passwords or corrupt a system.

Protect against intrusion by disgruntled former or current employees. Deactivate passwords for former employees, erect barriers to keep employees from accessing systems unrelated to their jobs, and implement sound accounting procedures for financial transactions.

In addition to these safeguards, small businesses may want to consider purchasing computer fraud and employee theft insurance. These policies will protect the business against those losses that still occur; insurance companies are likely to offer favorable pricing to businesses that take precautions against cybercrime.

One of our professional insurance agents can give advice on the appropriate types and amounts of coverage. Modern technology gives businesses unprecedented abilities, but it also presents significant risks. Every business owner must take steps to keep the cybercriminals out.