In Part I of our series we looked at what it means to manage your data in the age of hacking. From what types of hacking you can expect to a general overview of methods and strategies, there’s a lot to cover on this topic.
Today we will dig a little deeper into the different aspects of data protection that you and your business can employ. It’s time to look at cybersecurity from an IT angle.
The Human Element
The integrity of a fleet’s data management system relies on how well you manage said system, as well as systems upkeep.
Beyond the technical aspects, it’s also important to address the human element. After all, you will be having employees and partners regularly interacting with these systems. If you don’t have a comprehensive telematics security program in place that addresses the human element, you aren’t as protected as you think.
There are generally four aspects of telematics security at play in any given situation:
- Management: Do you have an established team of security experts and a management crew who understands the meaning of cybersecurity?
- Policies: Does your organization have a set of comprehensive policies and procedures in place regarding cybersecurity?
- Design: Are your systems designed with product safety and software development in mind?
- Training: Are you regularly training your employees and management staff on the various cybersecurity policies, procedures and technical aspects you’ve put in place?
Once you’ve answered these questions, it’s important to address the resiliency of the platform itself. Let’s take a closer look at this topic.
Platform Resilience
The Federal Bureau of Investigation (FBI) has recommended that operators of commercial motor vehicles should not connect third-party devices to OBD II ports. The fact is, if you don’t know where a particular device was manufactured, you shouldn’t be connecting it to your expensive commercial motor vehicle.
Any fleet manager worth his or her salt in the field knows that there should be specific policies in place to ensure connected devices are safe. There are also a number of tried-and-true principles to follow to ensure your telematics platform and subsequent data collection efforts are safe.
They include:
- Ensuring data transfers are secure
- Signing updates digitally
- Using proprietary hardware code protections
- Assume codes are public, ensuring you are constantly changing or updating them
- Employ the use of strong random numbers and encryption when transmitting information from one system to another
- Compartmentalize critical security-related data
- Do not use the same encryption key for multiple roles
- Have a verified third-party audit your telematics security systems
- Limit your server access to a need-to-know basis
- Constantly test and verify your systems
If you don’t take a rigorous approach to your systems security, you are leaving the vital, digital lifeblood of your software and hardware systems vulnerable to attack. To ensure full redundancy and security, you must be constantly reviewing, improving, testing and validating your cybersecurity measures and telematics protection initiatives.
Design Security in the Cloud
Since most telematics systems store their data in the cloud, you have to make sure your systems are protected at both the beginning and end-points. Telematics systems relay their data to a storage or processing server, so they must be secured at the source on both ends.
Also, it is vitally important to remember that no system is ever perfect. Never rest on your laurels and assume that because you addressed it once, it’s addressed forever. Only constant vigilance will ensure that your systems remain ahead of potential attackers.
Once you have the right protection in place, ensure responsible parties stay up-to-date on its operation. Only through proper care and consideration can you ensure your telematics data remains safe over the long term.