Why Trucking Companies Need to Take a Closer Look at Their Cybersecurity Practices

In February 2024, the U.S. Securities and Exchange Commission (SEC) adopted new disclosure rules regarding cybersecurity. Despite being designed for the benefit of public companies, these rules also affect trucking companies that do business with public firms.

Why is this the case? Simple: trucking companies’ computer networks are often linked with networks of their public company customers. As a result, potential hackers can penetrate a trucking company’s poorly guarded network to gain access to the network of their public partner. Here’s why this is a serious issue for trucking companies and how to combat it.

The Importance of Cybersecurity for Truckers

Hacker break-ins aren’t news for trucking companies. The reason for concern, however, is the exponential rate at which this threat is increasing. From 2022 to 2023, ransomware incidents nearly doubled in scope. Hackers are trying new approaches weekly, ranging from probing for security holes to launching social engineering attacks.

New SEC rules also say that cybersecurity plans of public companies will be accessible to everyone. This includes their security arrangements with private truckers. Public companies will also need to go into greater detail about their cybersecurity infrastructure, which will involve describing the protections they’ve developed with third-party companies.

Business reaction to these SEC rules has been decisive. A recent Deloitte & Touche poll shows that 65% of public company executives are planning on beefing up their cybersecurity practices. What’s more, half of those executives say they’ll push their third-party partners, including trucking companies, to do the same.

The good news: there are plenty of ways for trucking companies to get up to speed on how to combat hackers. IT security adviser firms such as American Trucking Associations already offer cybersecurity courses designed to raise trucker awareness. One particularly important point is PCI DSS compliance.

Cybersecurity and PCI DSS Compliance

Trucking companies work with sensitive credit card data on a daily basis. As such, they’re subject to the Payment Card Industry Data Security Standard (PCI DSS). Companies that are found to be non-compliant with PCI DSS may have the relationship with their bank terminated and end up facing fines of up to $100,000 per month.

To achieve PCI DSS compliance, companies must protect their network against internal and external threats. Internal threats involve employees who may cause data leaks through neglect or malicious intent. The best protection against internal threats is to use Data Loss Prevention (DLP) solutions, which use contextual scanning to monitor, block, or limit data transfer.

Complying with PCI DSS also involves restricting access to sensitive data on a need-to-know basis. Sensitive data should only be available to authorized employees, and they should only access it when necessary. Companies should be able to search their network for sensitive data stored on employees’ computers and encrypt or delete it.
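As an added illustration (not part of the original article and not any vendor's DLP product), the following sketch shows the kind of discovery scan described above: it looks for card-number-shaped digit runs in files and uses the Luhn checksum to cut false positives. The function names, size limit and sample text are assumptions made for this example.

```python
import re
from pathlib import Path

# 13-19 digits, each optionally followed by one space or hyphen, and not
# embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four so the report never holds a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text: str) -> list[str]:
    """Return masked candidates that pass Luhn; all-same-digit runs are ignored."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if len(set(digits)) > 1 and luhn_valid(digits):
            hits.append(mask(digits))
    return hits

def scan_tree(root: str, max_bytes: int = 5_000_000) -> dict[str, list[str]]:
    """Walk a directory; unreadable or oversized files are skipped, not fatal."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            hits = find_pans(path.read_text(encoding="utf-8", errors="ignore"))
        except OSError:
            continue
        if hits:
            findings[str(path)] = hits
    return findings

# Constructed sample text using well-known test card numbers, not real data.
SAMPLE = ("Load 8841 paid with card 4111 1111 1111 1111 on pickup\n"
          "BOL ref 4111111111111112 (fails the checksum)\n"
          "Driver card on file: 5555-5555-5555-4444\n")

if __name__ == "__main__":
    print(find_pans(SAMPLE))
```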

Finally, trucking companies should block or limit the use of removable devices such as USB drives. Removable devices are a common data exit point, and their regular usage can be a major security risk.


MONA Payment Solutions © 2024. All Rights Reserved.