Security and Safety

Simple Cyber Security Steps for Your Fleet Operation

Posted on September 29, 2017 by Donald Luey

How do you inspire mistrust of the Internet when your colleagues routinely ask it to pay their bills, deliver groceries, and check in on their mom? The bottom line is you can’t, or at least to do so might become counter-productive as we need innovative ideas to move our agencies forward, not cynicism and fear. But in the face of increasingly damaging ransom ware and phishing attacks, how do we safeguard our vital data vaults from the innocent employee mis-click or well-disguised but malicious lures? This is one place where building a proper wall not only makes sense, but doesn’t cost much and won’t significantly inhibit the workflow of your team.

Awareness Reform
The first part of this wall does require a bit of awareness reform. Assumptions about the safety of certain links and files need to be upended, and then replaced with a better understanding of how to identify threats independently. If the end user is the weakest link in your security grid, then building up the end user’s defenses makes a lot of sense.

We did this at Foothill Transit by piggybacking on National Cyber Security Awareness Month, which is every October. The Department of Homeland Security provides a free, well-crafted tool-kit designed to fully inform your team about myriad cyber security issues ranging from social media and using public WiFi, to scam tactics, and phishing. Supplementing regular email tutorials with face-to-face Q&A sessions can drive home the good habits you need people to emulate.

Safeguarding Access
Safeguarding access to the network comes next. Usually entry is governed by a user ID and a password, with the password usually created by the end user. If it’s just one word or a name, it only takes a hacker 1.37 milliseconds to breach it, less, if the word is only one or two syllables. If the word is intentionally misspelled, add nine minutes. Add a capital letter? Now we start to see some traction. A capital letter on a three-syllable word can take a month to breach. Add a number and you start getting into years. Add a symbol like “!” or “@” and the predictions get into decades or even centuries, but we can expect those estimated times to reduce significantly over time as hackers get more savvy and as technology evolves. The point being that right now in 2017, requiring end users to complicate their passwords by just a couple of symbols can create a nearly impenetrable barrier at what is potentially a serious weak point. The cost? A few emails, maybe some well-written protocols and policies, and a little creativity.

The Department of Homeland Security provides a free, well-crafted tool-kit designed to fully inform your team about myriad cyber security issues ranging from social media and using public WiFi, to scam tactics and phishing.

Authentication
In the end though, relying entirely on your end user to buy into policies and procedures still leaves a few gaping holes. Human error and routine being what it is, it makes sense to install another form of authentication outside of end user control that narrows network access even further. At Foothill Transit, this came in the form of randomly generated codes with a short shelf life. Codes could be accessed on a small key ring fob or via an app on a cell phone, only last 60 seconds, and are required prior to entering a personal password. This coded entry point is the gate before the gate, and self-destructs if not used in time. Team members with direct server access add another layer of authentication in the form of a PIN.

All of this adds up to, what we hope, is an unbreachable network — at least for now. In a few months it’s entirely possible that one or all of these tips will be upended and new tactics will have to be employed. In which case keeping isolated in the server room can cripple you as easily as a bad email link. Staying on top of this constant evolution, in the form of training, conference attendance, and sharing strategies and ideas with other security minded professionals isn’t optional and should be baked into your team’s culture and workflow. This can be difficult when the helpdesk piles up. Network wellness is only as robust as the people working it, so make sure you’re paying attention to their needs as well as the network’s.

Donald Luey is the IT Director for Foothill Transit.

View comments or post a comment on this story. (1 Comment)

More News

Letter to feds spelled out NJ Transit manpower issues prior to crash

In the letter, the agency's VP/GM, rail operations, detailed the losses: 93 non-union employees had retired from NJ Transit, or sought work elsewhere, between January 2014 and July 2016. Combined, their experience totaled 2,339 years.

Dozens of NJ Transit engineers diagnosed with sleep apnea

In response to a deadly September 2016 train crash, the agency updated its screening process for sleeping disorders.

SFMTA launches distracted driving campaign

The agency is crowdsourcing data collection to determine how distracted driving impacts the city's communities.

MARTA unveils new mobile command vehicle

The $1.2 million vehicle functions as a communication and command center for major sporting events, emergencies, and natural disasters.

Hundreds rode to safety on Palm Tran as Irma took aim at Florida

The agency made roughly 3,500 paratransit trips throughout the region on Sept. 8th — the day the majority of evacuations took place.

See More News

Post a Comment

Post Comment

Comments (1)

More From The World's Largest Fleet Publisher

Automotive Fleet

The Car and truck fleet and leasing management magazine

Business Fleet

managing 10-50 company vehicles

Fleet Financials

Executive vehicle management

Government Fleet

managing public sector vehicles & equipment

TruckingInfo.com

THE COMMERCIAL TRUCK INDUSTRY’S MOST IN-DEPTH INFORMATION SOURCE

Work Truck Magazine

The number 1 resource for vocational truck fleets

Schoolbus Fleet

Serving school transportation professionals in the U.S. and Canada

LCT Magazine

Global Resource For Limousine and Bus Transportation

Please sign in or register to .    Close