by Kirk White, Yusen Logistics (Americas) Inc.
Kevin* had ONE JOB: to find the photographer. That was the motive for the whole thing. The wedding was in three months and his fiancée, Jenny*, had lined everything else up: facility, check…officiant, check…dress, check…caterer, check. Everything was in line and tip-top, but the photographer was proving to be elusive – June weddings and all. Calendars fill up and all the best photographers in town are booked well in advance.
Kevin was desperate. If he were completely honest, yes, he had procrastinated a bit and now time was of the essence. Who could blame him for continuing the search at work? What could possibly go wrong?
Anyone who has read the news in the last few months certainly can guess where this is going:
Kevin felt a small surge of hope when he spotted an ad on his browser boasting "find that perfect photographer in your area!" He clicked it and was rewarded with...
A frozen screen. A threat of losing all his files. A demand for bitcoin payment. And as he panicked and tried to figure out what he should do, an insidious little worm began to slowly make its way through the vast systems of his company network, attaching itself to an unprotected program commonly shared by most employees and using an auto-update feature to spread. In the end, its goal wasn't even really financial in nature as the ransomware aspect was easily thwarted. No, this worm wasn't looking to steal from employees – its purpose was to infect and shut down systems in the corporation. Its purpose was to disrupt the business. Its purpose was chaos. And it did its job very well.
Even though this particular scenario is apocryphal, the story is all too real. A glance at recent headlines shows a catastrophic cyber attack in Ukraine called "NotPetya" wreaking havoc on major corporations – Beiersdorf AG (Nivea Cosmetics), Mondelez (Cadbury), as well as logistics behemoths FedEx and DHL and, most notoriously, AP Moller-Maersk, a shipping giant that admitted that even though no corporate data was stolen, its operations were affected on a global scale. An insurance firm called Cyence estimates the total economic impact from NotPetya will hit $850 million.[1]
These can be truly nerve-racking times, especially since there seems to be a growing trend among the cyber-villains to shift their focus from individual operators to whole corporations, with the intended goal of causing as much mass destruction (and distraction) as possible.[2] How can a company protect itself when the new normal has changed the concept of "death by 1,000 cuts" to "death by one itsy bitsy scratch"?
Many businesses are already at work on protections while some are at a loss as to where to start. While the purpose of this article is by no means to replace a robust and well-staffed IT and loss prevention department, there are a few glimmers of hopeful advice that can be imparted to both corporate and operations.
When looking to prevent cyber-attacks, think of a two-pronged defense:
1) Make security part of the company DNA: Most initiatives are destined to fail unless they have a solid buy-in from the "people upstairs" – this includes quality, safety and even cyber security. Management must be willing to allocate resources to ensure cyber protection. Encryption tools, firewalls that rival the Black Gate of Mordor, two-factor authentication for all remote access, anti-spyware and anti-malware software and subscriptions to the latest and greatest protection networks are nice high-tech preventive measures.[3]
But don't forget simple, no-brainer, low-tech fixes as well. Remember that locks are physical too, not just digital. The number one avenue for cyber attack access is a stolen piece of hardware – laptops, desktops, PDAs, phones, even handwritten address/contact books that may contain password "cheat sheets."[4] Lock them up. And while you're doing that, lock the doors to your server rooms – monitor the keys and make sure you get them back if anyone leaves the company. And since we're on that subject, also make sure you regularly purge login IDs for any employees who are no longer on the payroll.
Spend some extra time and pizza money on providing legitimate cyber security training for your employees. Communicate your cyber security policy to everyone. Make signs and put them in common areas.
When management makes security a priority, it will make its way into all levels of the chain.
2) Save dollars by using common cents (sense…get it?): There are as many "best tips for protecting yourself online" articles as there are stars in the sky, but it's worth sharing a few best practices nonetheless:
- Protect your files by backing them up regularly. If ransomware wins by locking and destroying files, having a physical and regular backup system that is not connected to the network is the great equalizer. Sometimes a simple external hard drive is worth its weight in gold.[5]
- Make sure all programs are up to date with the latest software revisions, which often contain fixes for vulnerabilities. Please follow your own corporate protocols for this!
- Don't click on strange, unknown or badly spelled e-mails that promise you untold riches. And never open links or files attached to said e-mails. In fact, just run.
- Two-factor authentication isn't just for your remote login for work. You can get this for many of your regularly browsed and used websites (personal web-based e-mail, Twitter, Facebook – which you totally shouldn't use at work – and most banks).[3][6]
- Finally, the ultimate no-brainer: make sure you have a great password, don't use it for everything, and, for the love of Doug, don't write it down on a Post-it and leave it under your pen tray.
The old adage says it gets worse before it gets easier and it looks like the cyber war is far from being stalemated, but a few simple guidelines and wise best practices can hopefully mitigate some of the damage.
*Not a real person.
Kirk White has worked in every division of Yusen Logistics. After a brief stint in Transportation, he transferred to Corporate, where he coordinated Yusen's Employee Empowered Kaizen system and served as a Specialist for the Business Process Re-engineering group, after which he moved to the Warehouse division to serve as the East Coast Quality Manager before ultimately joining the International division, where he hopes to use his Quality knowledge base to prove an asset to OCM.
CLICK HERE to return to the AUGUST 2017 RVCF LINK