Like many industries, the haulage sector is reliant on computer systems for many aspects of its business operations and cybercriminals will target vulnerabilities given the opportunity.
Most cyber incidents occur as a result of human error. This will typically be a simple mistake made by an employee—either due to negligence or poor decision-making—that can pave the way for a cyber-attack or data breach. Anything from a weak password to clicking on a malicious link can lead to a system being compromised.
Email account compromise is on the rise
A common cyber threat for businesses, and one of the most financially damaging, is business email compromise (BEC). There has been a marked rise in this type of cybercrime in recent years, with attackers increasingly targeting UK businesses.ii
A BEC attack will typically involve an attacker hijacking a corporate email address to send an email to a target, appearing to come from a trusted person or business. Once the target clicks on a link or opens a rogue attachment, the attacker may be able to gain access to critical business information or extract money. BEC attacks include spear phishing, impersonation, identity theft and the use of malware (malicious software).
We have seen several examples of haulage clients being targeted by cybercriminals via such methods. Recently, we were made aware of an employee of one haulage firm that had been emailed an authentic-looking document from a colleague which, when opened, released a virus into the system. This led to thousands of data records becoming vulnerable and significant costs were incurred in addressing the breach. Another client found that one of their vital systems was completely locked for several weeks following a cyber incident, resulting in a large business interruption claim.
Cybersecurity training can save money and downtime
Most of the actions you can take to help reduce the likelihood of cyber incidents caused by employee error boil down to increasing knowledge and awareness.
- Enable email settings in employees’ computers to allow the full email extension of the recipient to be viewed.
- Ensure the incoming email’s domain name is associated with the business/individual the email claims to be from.
- Avoid supplying personally-identifiable information or login credentials via email.
- Verify payment and purchase requests and changes of payment procedures with the individual the email appears to be from.
- Monitor financial accounts on a regular basis for irregularities.
- Set up multi-factor authentication (MFA) on any account that allows it.
- Use email filtering solutions to detect malicious links or attachments.
- Provide adequate cybersecurity training for your employees, including phishing simulation.
- Create and maintain a culture of cybersecurity and encourage timely reporting of suspected incidents.
How Gallagher can help
We understand the constant time pressures faced by the haulage industry as well as the need to control costs. One of the ways Gallagher can assist with both of these things is by helping you reduce your risk of an expensive and disruptive cyber incident.
Our specialist Cyber Risk Management team provides a range of services, including cybersecurity training, webinars, phishing simulation, penetration testing and more.
Just as importantly, our specialist team can help you secure adequate cyber cover in an increasingly challenging cyber insurance market.