You asked for it and we listened. In this column, we ask operators of all sizes and from all walks of the industry a question about their business and report their answers so you can assess how your own company compares to your peers. If you would like to participate, please email Rob Smentek at rob@chauffeurdriven.com for next issue’s question.
TOPIC: What are the most important pieces of technology you use in your business?
In order to efficiently protect our business from being cyberattacked, we have hired an outside technology company that specializes in cybersecurity. Nothing offers 100 percent prevention from cyberthreats or attacks, but having a dedicated company does give you some peace of mind that it’s being handled accordingly in the event something should arise. They handle everything from a remote server to running the best antivirus software that money can buy. In-house, we train our employees to look for any suspicious emails or download requests and what to do if something is spotted. You want to make sure you have good policies and practices in place to try and prevent an attack from happening. One very important recommendation I can suggest is to make sure you do your system backups on a regular basis, not only in-house but to a remote server. This way your information is backed up in two different areas should one come under attack.
Bryan Beale, General Manager
A&A Limousine in Northampton, Pa.
While we have done plenty to protect client and proprietary data, I can summarize in one word the most important step in protecting our data: education.
Educating employees on proper protocol, including opening email attachments, recognizing scams and phishing emails, and implementing procedures for encrypting sensitive information are important considerations. Password management is equally important since many data breaches occur due to weak, stolen, or lost passwords. Implementing prompts for a password change every 90 days is a must. Multi-factor authentication has also been installed in all critical systems.
We have also implemented other basic measures such as a firewall, making sure we are PCI compliant, having a reliable website host, and installing antivirus software. Employees are not allowed to download software applications to local devices to prevent problems. In these days of cyberattacks, we keep our data backed up with a mirror image on a separate device that would allow us to quickly restore lost or locked data if needed. This data includes financial records, HR files, and all client and supplier accounting.
Harry Dhillon, President
Ecko Worldwide Transportation in Santa Clara, Calif.
Due to the threat of cybersecurity, we have really enhanced our approach to cybersecurity in the last 12 months. Instead of having cybersecurity come at us, we decided to take a “proactive” approach to cybersecurity and implemented a cyber program. We now have a strategy that we like to call a 12-month cybersecurity health plan, which outlines the actions we will take to ensure we are following the best practices for protecting our company.
Some of the items we have implemented include developing cybersecurity policies, which lay the foundation for how we will roll out our cyber program. To me, cybersecurity is now like HR and finance: critical parts of our company and a cost of doing business. We also have regular education and awareness training and email phishing tests for our employees; we need to make sure they know what to be looking for because the bad guys keep coming at us. We also created a written cybersecurity incident response plan to make sure we are ready if we do experience a bad cyber day, and having a plan to guide us through that is critical. We reviewed our cybersecurity insurance to ensure we had what we needed in place. Additionally, we run persistent external vulnerability and dark web scans, signed up to receive cybersecurity alerts, and put a plan in place to highlight cybersecurity in October (Cybersecurity Awareness Month).
Cybersecurity is not our focus every day, but it is something we need to be aware of and make part of our culture moving forward. Protecting and safeguarding our client and employee data is key to ensuring we can continue to provide outstanding customer service and is just good business!
Sean Duval, President/CEO
Golden Limousine International in Milan, Mich.
Currently, I just don’t click on ANYTHING that I don’t recognize. I don’t give any personal or business information online unless I know who is going to receive it. When in doubt, I make some calls to confirm. Also, I do not use public Wi-Fi ever—especially when accessing my company software. You can never be too careful.
Thomas Halsnik, Owner
Walsh Chauffeured Transportation in Tampa, Fla.
As we continue to navigate the ever-evolving cyberthreats, we have implemented a holistic approach to safeguard our data, system, and uptime.
First, it is crucial to adhere the best practices such as staying updated with the latest security patches, maintaining a strong password policy, using multi-factor authentication (when possible), and performing a monthly scan for vulnerabilities along with a simulated cyberattack to verify and remediate.
Second, it is imperative for IT to collaborate with the business to have a well-defined incident response plan and a recovery plan regarding recovery time and objectives.
Lastly, our associates are our last line of defense—yet most vulnerable. We believe that strengthening our security culture is one of the best ways to prevent cyberthreats by educating all employees on how to identify and avoid phishing attempts and other common attack vectors.
Security culture is often overlooked, and it takes time to establish, but it is well worth the effort so that everyone is working together to strengthen and maintain a strong security posture and protect our company from cyberthreats.
Weilun Feng, Chief Information Officer
Dav El/BostonCoach in Everett, Mass.
To prevent cyberattacks, we have depended on reliable virus products like McAfee and Carbonite as a backup in case an attack shuts all power down. With those options, you are still able to recover all data. Moreover, we have relied on FASTTRAK for more than 15 years, and we can run our business from anywhere using their Microsoft servers that have 99.9 percent uptime. We feel secure with their encryption system for payments over phone, online, and payment requests. Finally, we’re always changing passwords and using firewalls like Mozilla Firefox. We believe two is one and one is none ... so back stuff up.
Stephen Jones, General Manager Affiliate Relations
Butler Limousine Services in San Francisco, Calif.
We take cybersecurity seriously, using strong firewalls and keeping our software updated. We also ensure that all sensitive data is encrypted, and we conduct regular security checks. We also emphasize the importance of not opening emails or downloading data from unfamiliar or unchecked sources. I recommend staying up to date with security measures, educating your staff, and regularly backing up important data. A little prevention goes a long way in protecting your business.
Stefan Kisiov, Managing Partner
K&G Coach Line in Park Ridge, Ill.
We follow a series of guidelines recommended by our financial institution. These strategies include implementing strong passwords and multi-factor authentication for all accounts, but especially for sensitive systems like booking platforms and financial systems. Furthermore, make sure your payment systems are PCI DSS compliant to protect customer payment data. The use of tokenization to replace sensitive payment information with a unique identifier reduces the risk of data theft.
Employee training and awareness are also important. It is recommended to regularly educate staff on recognizing phishing attempts and other social engineering tactics. Furthermore, educate staff on the importance of software updates, secure Wi-Fi use, and data handling procedures.
In addition to regularly updating software, using secure mobile devices, and having a backup/recovery plan, it’s also wise to assess the security practices of affiliates and third-party vendors, especially those handling sensitive data or providing critical services. Include cybersecurity requirements in contracts and service-level agreements with vendors.
Robert Rodríguez, President/CEO
First Class Destination Solutions in Carolina, Puerto Rico
We’ve adopted several best practices for cybersecurity. We use strong, unique passwords for all accounts and enable two-factor authentication whenever possible. We keep our software and operating systems up to date and patch any known vulnerabilities. We exercise caution when opening emails or clicking on links, especially from unknown senders. We also use reputable antivirus and antimalware software and regularly scan our devices for threats. We stay informed about the latest cyberthreats and scams so we can be better prepared to protect our company. We recently attended the American Bus Association, Bus Industry Safety Council meeting, where the Transportation Security Administration (TSA) and Cybersecurity and Infrastructure Security Agency (CISA) presented and provided a tabletop exercise to heighten our awareness and education. We received TSA’s Surface Cybersecurity Awareness Guide, which is available to in bulk request to provide to all staff.
Jeff Shanker, Chief Strategy Officer
Black Tie Transportation in Winston-Salem, N.C.
Regarding cyberthreats, as a first step, we have hired a new compliance and risk manager to keep us on top of this issue.
Also, we keep our antivirus up to date with routine updates and have hired a third-party IT company that periodically reviews our office computers to ensure we remain compliant and manage any threats.
Nancy Vargas, CEO
DH2 Chauffeured Transportation in Jamaica, N.Y.
Protecting against cyberthreats and attacks is a critical concern for us, so we have implemented several key measures to safeguard our systems and data.
First, regular cybersecurity training and education for our staff is of the utmost importance. We ensure all employees can recognize, ignore, and block phishing emails, suspicious links, and other potential threat vectors. Keeping our team informed and vigilant about the ever-evolving threat landscape is the first line of defense.
Second, we have instituted a mandatory password policy that requires critical passwords to be changed on a quarterly basis. This helps mitigate the risks associated with compromised or outdated credentials. We also encourage the use of strong, complex passwords and multi-factor authentication wherever possible.
Third, when selecting third-party software vendors, we thoroughly vet their institutional reputation and security track record. We only partner with providers that demonstrate a strong commitment to data protection and follow industry best practices.
Last, but not least, we prioritize the backup and storage of critical files and data. Our organization maintains daily backups of key information, such as upcoming reservations, to ensure business continuity and the ability to recover in the event of a disruptive incident.
Amy Yan, Co-Founder & Managing Partner
AmyExpress in Hong Kong, China
We’ve loved hearing your answers to our benchmarking questions—but we always welcome suggestions for future topics, too!
Send an email to rob@chauffeurdriven.com you just might see your query answered in our next e-News.
[10.04.24]