top of page

Top tips for transport and logistics firms

Travel and Logistics firms are a lucrative target for cyber criminals and this has continued to increase over recent years.



What are the threats?

- Ransomware – probably the most impactive cyber attack and likely the one which keeps business owners up at night. Locking all the data down so your company can’t access anything is bad enough, but the extraction and the ransom of the data means that this attack can have long lasting consequences.

- Phishing – by far the most prevalent attack as well as being the hardest to defend against. Technical controls can help, but training employees to recognise and report attempts, and successful attacks, is key.

- Connected technologies – transport and logistics companies are ever increasing their use of Operational Technologies, but some of these do not have security as the most important feature. The diagram below from BCG shows just some of the systems which a cargo ship may have, which is not secure, could be a gateway for a criminal to enter the network.




Top Tips

- Know what technologies you have in place and the security/risks associated with them. A comprehensive asset list means that you can determine the crown jewels of your business which needs to be protected above all else.

- Have a vulnerability assessment to ensure that there are no “easy” access points within your network. If you would like to learn more about the vulnerability assessments we offer take a look at our affordable services.

- Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and then do. The ECRC can provide bespoke Staff Awareness Training through our affordable student services.

- Get the fundamentals right.

  • Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable. Get them to check their details on haveibeenpwned.com to see if any password they are using is known to cyber criminals. As a business owner you can register your domain and get notified if it appears in any data breaches.

  • Consider using a password manager for your staff to use. You remember just one strong password and your password manager remembers the rest. Watch our short video to find out more.

  • Enable 2 Factor Authorisation (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. You can find more about 2FA here.

  • Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because they have never evaluated them, and then when they need the data the most, they find that they can’t recover.

  • Ensure you have anti-malware on all devices, including your phones.

Join the Eastern Cyber Resilience Centre. It’s free. We’re a police-led, not for profit company.

By joining us you will be kept up to date with the latest threats to your business as well as guidance, support and direction to free tools and services, and access to our affordable student services which can help with vulnerability assessments and staff awareness training amongst other services.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page