Benchmark & Best Practices: How are You Protecting Yourself Against Cyberthreats and Attacks?
You asked for it and we listened. In this column, we ask operators of all sizes and from all walks of the industry a question about their business and report their answers so you can assess how your own company compares to your peers. If you would like to participate, please email Rob Smentek at rob@chauffeurdriven.com for next issue’s question.
TOPIC: What are the most important pieces of technology you use in your business?
Bryan Beale, General Manager
A&A Limousine in Northampton, Pa.
Educating employees on proper protocol, including opening email attachments, recognizing scams and phishing emails, and implementing procedures for encrypting sensitive information are important considerations. Password management is equally important since many data breaches occur due to weak, stolen, or lost passwords. Implementing prompts for a password change every 90 days is a must. Multi-factor authentication has also been installed in all critical systems.
We have also implemented other basic measures such as a firewall, making sure we are PCI compliant, having a reliable website host, and installing antivirus software. Employees are not allowed to download software applications to local devices to prevent problems. In these days of cyberattacks, we keep our data backed up with a mirror image on a separate device that would allow us to quickly restore lost or locked data if needed. This data includes financial records, HR files, and all client and supplier accounting.
Harry Dhillon, President
Ecko Worldwide Transportation in Santa Clara, Calif.
Some of the items we have implemented include developing cybersecurity policies, which lay the foundation for how we will roll out our cyber program. To me, cybersecurity is now like HR and finance: critical parts of our company and a cost of doing business. We also have regular education and awareness training and email phishing tests for our employees; we need to make sure they know what to be looking for because the bad guys keep coming at us. We also created a written cybersecurity incident response plan to make sure we are ready if we do experience a bad cyber day, and having a plan to guide us through that is critical. We reviewed our cybersecurity insurance to ensure we had what we needed in place. Additionally, we run persistent external vulnerability and dark web scans, signed up to receive cybersecurity alerts, and put a plan in place to highlight cybersecurity in October (Cybersecurity Awareness Month).
Cybersecurity is not our focus every day, but it is something we need to be aware of and make part of our culture moving forward. Protecting and safeguarding our client and employee data is key to ensuring we can continue to provide outstanding customer service and is just good business!
Sean Duval, President/CEO
Golden Limousine International in Milan, Mich.
Thomas Halsnik, Owner
Walsh Chauffeured Transportation in Tampa, Fla.
First, it is crucial to adhere to the best practices such as staying updated with the latest security patches, maintaining a strong password policy, using multi-factor authentication (when possible), and performing a monthly scan for vulnerabilities along with a simulated cyberattack to verify and remediate.
Second, it is imperative for IT to collaborate with the business to have a well-defined incident response plan and a recovery plan regarding recovery time and objectives.
Lastly, our associates are our last line of defense—yet most vulnerable. We believe that strengthening our security culture is one of the best ways to prevent cyberthreats by educating all employees on how to identify and avoid phishing attempts and other common attack vectors.
Security culture is often overlooked, and it takes time to establish, but it is well worth the effort so that everyone is working together to strengthen and maintain a strong security posture and protect our company from cyberthreats.
Weilun Feng, Chief Information Officer
Dav El/BostonCoach in Everett, Mass.
Stephen Jones, General Manager Affiliate Relations
Butler Limousine Services in San Francisco, Calif.
Stefan Kisiov, Managing Partner
K&G Coach Line in Park Ridge, Ill.
Employee training and awareness are also important. It is recommended to regularly educate staff on recognizing phishing attempts and other social engineering tactics. Furthermore, educate staff on the importance of software updates, secure Wi-Fi use, and data handling procedures.
In addition to regularly updating software, using secure mobile devices, and having a backup/recovery plan, it’s also wise to assess the security practices of affiliates and third-party vendors, especially those handling sensitive data or providing critical services. Include cybersecurity requirements in contracts and service-level agreements with vendors.
Robert Rodríguez, President/CEO
First Class Destination Solutions in Carolina, Puerto Rico
Jeff Shanker, Chief Strategy Officer
Black Tie Transportation in Winston-Salem, N.C.
Also, we keep our antivirus up to date with routine updates and have hired a third-party IT company that periodically reviews our office computers to ensure we remain compliant and manage any threats.
Nancy Vargas, CEO
DH2 Chauffeured Transportation in Jamaica, N.Y.
First, regular cybersecurity training and education for our staff is of the utmost importance. We ensure all employees can recognize, ignore, and block phishing emails, suspicious links, and other potential threat vectors. Keeping our team informed and vigilant about the ever-evolving threat landscape is the first line of defense.
Second, we have instituted a mandatory password policy that requires critical passwords to be changed on a quarterly basis. This helps mitigate the risks associated with compromised or outdated credentials. We also encourage the use of strong, complex passwords and multi-factor authentication wherever possible.
Third, when selecting third-party software vendors, we thoroughly vet their institutional reputation and security track record. We only partner with providers that demonstrate a strong commitment to data protection and follow industry best practices.
Last, but not least, we prioritize the backup and storage of critical files and data. Our organization maintains daily backups of key information, such as upcoming reservations, to ensure business continuity and the ability to recover in the event of a disruptive incident.
Amy Yan, Co-Founder & Managing Partner
AmyExpress in Hong Kong, China
We’ve loved hearing your answers to our benchmarking questions—but we always welcome suggestions for future topics, too!
Send an email to rob@chauffeurdriven.com and you just might see your query answered in our next e-News.
[10.04.24]