Loss Control Insights for Petroleum Marketers
Three Ways to Stay Ahead of Cyber Threats
Imagine that you arrive at work and attempt to log into your computer—the place where you store sensitive information about customers, vendors, employees and your operations—only to find that the files are completely inaccessible. Perhaps you’ve been infiltrated by ransomware and your data is being held hostage, or maybe your hard drive crashed and the information is corrupted. Are you prepared to reconstruct the vital pieces of information you need to keep your business going? Better yet, are you taking precautions now to prevent these catastrophes from happening in the first place?
You may not think of your operations as being especially vulnerable to cyber threats, but the truth is these risks affect all sizes and types of organizations including petroleum marketers ranging from rural fuel delivery to regional c-store chains. To protect yourself, you need to take IT security seriously. Here are a few good places to start.
Step Up Your Password Game to Prevent Unauthorized Access
This one seems obvious, but many of us play fast and loose when it comes to the passwords that protect our most confidential information. Are you guilty of these password sins?
- Using the same password for long periods of time—If you haven’t switched up your passwords in months, or even years, I’m talking to you.
- Using the same password for all of your accounts, both personal and work-related—Your password is the same whether you’re logging into Facebook or your secure company network. This makes it easy for you to remember, but also means that a single data breach puts all of your accounts at risk.
- Using passwords that are easy to guess—You might think you’re clever using words like “password” or the dates of birthdays or anniversaries, but you’re really just making it easier for unauthorized users to gain access to your accounts.
Your organization should impose strong password requirements on all employees. Think complex passphrases that include numbers and special characters. A good rule of thumb: if the word can be found in a dictionary, it’s not a good password. Instead, put together a multi-word passphrase where you swap in numbers and characters for letters. Check out these password best practices and work with your IT staff to ensure they are being followed.
Back Up Your Data to Foil Ransomware Demands
In the last several years, ransomware attacks have increased dramatically across all business sectors. This malicious software is generally downloaded unintentionally when an employee clicks on a compromised link or downloads a tainted email attachment. Once opened, the software’s code locates your most important files and encrypts them so they can’t be opened by you. To regain access, you must pay a ransom to the hacker—usually in an anonymous currency such as bitcoin. Ransom demands may be as little as a few hundred dollars, or they may be in the tens of thousands. But, if you’re prepared with a recent data backup, you’ve got everything you need to restore your system without paying the hacker’s ransom. A side benefit to running regular backups is also being prepared for accidental data loss incidents (equipment failure, accidental deletion by an employee, etc.).
There are lots of options for backing up your important information. You may decide to back up files to a remote server or a cloud provider. This keeps the data isolated from your main system, so it will be protected and available when you need it. You can also back up your data to a removable device, which should be encrypted and password-protected. Store this device in a safe, offsite location to protect it from physical dangers, such as fire or flood, which might bring down your main systems and equipment.
Apply Patches and Updates to Defend Against Known Vulnerabilities
Bad actors on the web take advantage of the fact that many of us are running out of date software and operating systems, creating openings for them to access your information and systems. You may think you’re too busy to apply that patch right now, or you might not realize there is an update waiting to be installed. To make sure you’re protecting your systems, you need to be proactive about installing software updates as soon as they become available—if possible, set up your systems to apply updates automatically so you don’t have to carve out time to do it. And don’t forget to update anti-virus and anti-malware software, since these are some of the best protections for keeping your system safe.
Find More Online
- EMC Insurance—Preventing Data Breach and Cyberattacks: Tips for Petroleum Marketers
- HSB Blog—Back it Up: Two Ways to Avoid Losing Your Data
- Convenience Store Decisions—Ransomware Threatens Marketers