Logistics cannot be separated from IT security
Logistics cannot be separated from IT security
16 June 2021 - by: Eleonora Castagna

Logistics cannot be separated from IT security

And not just logistics of course: today, companies in almost every sector base their business on connected digital tools, intrinsically exposed to malicious attacks that could interrupt operations and even cause serious economic damage. We therefore share the practices adopted by FERCAM on the Cybersecurity front, easily applicable to any business reality

IT security
The essential logistics infrastructure is not only made up of routes to be travelled by means of transport: to date, without a solid and structured IT network, without telecommunications and digital innovation, it would be almost impossible to carry out logistics and transport activities effectively. This of course is not limited to the logistics sector, but is true on a global scale for most work activities, as well as for individuals. It is therefore essential to provide plans to ensure the security of the informatics systems in use, to maintain them, improve them and protect them from damage.

This is why there is a lot of talk about IT security, or Cybersecurity, or rather the principles according to which technologies, services, organizational rules and individual behaviours are managed, to guarantee systems protection and data confidentiality. Specifically, to defend the integrity of the corporate IT system not only from malfunctions but from malicious outside attacks.

Know your enemy and prepare your defences

Cybercrime, hackers, ransomware, viruses, malware, Trojan horses, phishing ... the terminology related to the cyber threat varies, but leads to a single awareness: zero risk does not exist. No one is therefore exempted from implementing a protection protocol that acts concretely on various fronts to prevent adverse consequences and intervene promptly if necessary.

What is the threat? It can be any type of software, often hidden behind innocuous-looking files, programmed to disturb performance, slow down PCs or servers, intercept information such as our personal data or relating to payment systems, for example. One of the most dangerous and widespread forms of ransomware are kryptolockers: they encrypt data making it inaccessible so that the criminals who launched it can ask for a ransom payment, typically in the form of crypto-currency, to allow you to decrypt it back. Paradoxically, for a company the greatest damage often corresponds to the interruption of production or service activities, with consequent economic losses, even considerable ones.

What channels are attacks propagated through?

The most popular channel for carrying out a cyber attack is a simple email: with an average of almost 3 million emails sent per second worldwide, it is easy to understand how hackers have ample opportunities for action in this field. Other potential common access points are security holes in processes, weak websites and passwords.

When an attack is successful, in most cases it is possible to identify the root cause in human behaviour, since many malware invite the user to take actions, which if carried out carelessly grant access to the malicious software.

Measures to be taken in the company for Cybersecurity

The key to adopting and maintaining a correct approach to IT security is to carry out continuous monitoring, adopting a proactive attitude and constantly adjusting the defence mechanisms. It is also necessary to choose the right technologies and carefully select your partners, making the correct investments for constant protection. Advancing on a technical level is a first foundation, but developing an internal culture aimed at the security and confidentiality of information is equally crucial. Training your staff so that they can recognize attack attempts, that they cautiously approach links and messages received from unknown addresses, and that they avoid downloading suspicious files, is undoubtedly the most effective measure to protect their systems. Respect for data privacy to prevent the leakage of information about the company also has considerable weight.

Here are some simple practices, which can be extended to all your collaborators, to help protect your IT systems:
  1. Use complex and sufficiently long passwords, consisting of letters, numbers and symbols in non-trivial combinations. Passwords should not be shared or pinned on physical media (such as post-its) that can be seen by other people.
  2. When you receive an email, do not open it before checking the sender, the subject, the form. With regard to this last point, check for gross grammatical errors or text that appears to have been automatically translated.
  3. Do not open links or attachments without first having critically assessed what they are.
  4. Do not disclose your credentials (user and password) or other personal data on sites accessed by clicking on links contained in an e-mail message. Always check the url address of the navigation page to which you have been redirected.
  5. Email attacks often hide behind imitations of the names of recognized public bodies or large companies, taking advantage of the credibility and recognizability of these institutions. So learn to look at these types of messages with caution.
  6. Stay alert and rely on your company's technical team in case of doubts, reporting suspicious emails or potential attack attempts suffered while browsing online.