Courier companies targeted by hackers. What is their weakness?

The strictest data security requirements apply to the public sector and to companies that process sensitive data such as medical information and credit card numbers. Data security may also be at risk in logistics. It turns out that courier companies may face this problem too.

Surveys show that every fifth Pole has been affected by the negative consequences of risky situations related to data safety. It turns out that many of these cases could have been avoided. There are plenty of examples of spectacular failures. In Poland, in mid-July 2017, a database owned by InPost was published on the Internet. It included, among other things, detailed data of several thousand employees and collaborators (PESEL numbers, ID numbers, phone numbers and e-mail addresses), the list of counterparties and agreements, and information about cooperation with law enforcement authorities. Although Wojciech Kądziołka, the spokesman of InPost, assured PAP (Polish Press Agency) that the customer data are safe, the police started an investigation. The General Inspector for the Protection of Personal Data also took the appropriate actions.

There are more hacker attacks like that; only some of them are reported by the media.

The most sensational attack was the Petya ransomware in the middle of last year. A few logistics companies were affected; the vast majority of them, however, gave assurances that the procedures they had implemented for the event of a hacker attack proved to be effective.

Training can solve the problem

– We place a very strong emphasis on data safety, using top-class security software that is updated on an ongoing basis. The employees are trained several times per year for the event of similar situations – said Adrian Bladowski, project manager at Mainfreight Poland.

The company has also carried out an internal simulation of a similar attack. Randomly chosen employees received e-mail messages that contained links asking them to provide data (passwords and logins to the company’s internal server).

– From the information obtained, statistics were created, and the conclusions drawn allowed us to secure ourselves in an appropriate manner. After the previous attack by the ransomware “WannaCry”, which did not affect us directly, the IT team prepared a short instruction saying how to prevent unpleasant effects of network attacks. Our assumption is that the best defence is people, therefore we act in accordance with the rule that prevention is better than cure – Adrian Bladowski stressed.

The main threat is the employees

In the case of courier companies, a treat for hackers is, among other things, sensitive information such as recipients' data (addresses) and information about orders.

Experts agree that the main threat is the employees themselves (more than 90% of IT specialists working for government agencies say they perceive employees as the biggest threat to security). Raising awareness among subordinates is the hardest, yet the most important, task for those responsible for security in a company. Single actions are not enough; the key is constant communication and education.

– Through education it is possible to eliminate even up to 99% of all the events related to IT security – said Katarzyna Budna-Grzęda, the president of Tukan IT, the company handling information security in business.

More and more entrepreneurs attach importance to the effective management of information security. Awareness of information security among the companies cooperating with courier service providers is also increasing.

Courier companies must adapt to customer security policies

According to Łukasz Janion, country IT manager at DHL Express Poland, some companies prohibit access to the logistics service provider's website, which is used for printing the bill of lading. The reason is the increased risk of leakage of confidential data. In such situations, the logistics company must adapt to the client's security policy, for instance by applying dedicated solutions.

This is not always the case, which is why a social campaign was created to popularise the subject of Internet security and data confidentiality.

“Due to the growing number of cyber attacks, incidents related to information safety and numerous data leakages, the issues concerning protection and processing of personal data are becoming extremely important for entrepreneurs. For many of them the logistics company is an integral part of the supply chain. Obtaining customer data when international logistics services are ordered and storing them properly, or representing the customer before the relevant authorities during customs clearance, is closely associated with the daily activities of such companies” – says the statement of the Foundation Knowledge is Safety, the campaign organiser.

– Entrepreneurs who do not pay sufficient attention to the protection of information, including personal data, must reckon with legal, financial and reputational consequences. Entities from various industries are exposed to the negative consequences – DHL Express explained.

XXI century gold

The activities carried out are particularly important in relation to GDPR, the European regulation on personal data protection. On 25 May this year the regulation will change the legal system for the protection of personal data.

The new rules will strengthen the rights of persons whose data are collected, while new duties will be imposed on entrepreneurs and other data processing entities.

– It is essential to read the clauses related to the processing of personal data. We often sign consents to further data resale. As a result, companies selling pots keep calling us. The clauses on personal data protection at the end of the agreement are not too long to read – Aleksandra Piotrowska, the president of the Foundation Knowledge is Safety, said on the Polish Radio broadcast.

She called personal data “the XXI century gold”. – Companies make money from data. The one who has data has power, clout and influence over the consumer – Aleksandra Piotrowska said.

Experts emphasize, among other things, that it is worth encrypting data and trying by all means to defend against phishing and other actions of cyber criminals. When choosing a subcontractor, attention should also be paid to aspects related to personal data protection.

– Creating back-up copies of all important files and storing them on separate servers should be a common practice in companies. Many organisations collect sensitive data about customers and contractors on hosting companies' servers. Such a solution allows for maintaining information safety, for instance in case of failure of internal data processing systems – added Jakub Orłowski, marketing specialist of LH.pl, a hosting company.

Photo: DPD