Is your fleet securely managed?

Digitalisation has revolutionised the fleet management industry and opened various doors in this sector. Unfortunately, not every connection is positive; without sufficient cybersecurity, fleets may be left exposed to nefarious parties or malware.

Telematics generates a multitude of data, including detailed vehicle, driver, and operational histories. “This data type is beneficial within an organisation for controlling fuel and maintenance costs, increasing productivity and safety, and minimising risk. Using telematics for collision reconstruction or benchmarking can generate even greater insight,” says Canadian fleet and tech solutions expert, Connected Vehicles, in its piece, “Cybersecurity Management in Telematics”.

Protecting this valuable data is essential. “If accessed by a malicious party, there could be severe consequences, potentially jeopardising customer accounts, schedules, shipments, location of assets, and personal information. Cybercrimes are committed because there is value to be gained from data, whether that data is a collection of usernames and passwords, credit card numbers, or telematics data,” notes Connected Vehicles. 

“Therefore, whether you are a small business owner, fleet manager, developer, CIO or CEO, you must understand how telematics data is handled and protected,” it continues.

The telematics ecosystem includes both hardware and software responsible for collecting and analysing vehicle data.

“As businesses gravitate towards software-based systems and working in the cloud, telematics data security will become an even more significant challenge,” Connected Vehicles elaborates.

“Telematics systems are expansive and multi-tiered: physical hardware, radio systems, software servers, and human agents. Because there are many components involved, the potential threats are numerous and can include thefts, GPS jamming, cellular sniffing, firmware manipulation, server exploits, and phishing.”

Wilmar, one of North Carolina’s largest independent fleet leasing and management companies, has more than 40 years’ experience. It highlights that hackers and other cybercriminals use multiple techniques to gain access to a company’s vehicles. “For example, they can hack into your fleet’s wireless connections (Bluetooth or WiFi) or the electronic control unit. Both systems control the vehicle’s ability to perform different actions, such as steering and braking,” it notes, adding: “Another possible entry point where they can attack is through another device like a smartphone that is connected to a port inside the vehicle.”

According to Wilmar, once someone has hacked into a vehicle, they can easily gain control of the rest of your fleet. “This can give cybercriminals the power to shut off the vehicle’s engine, control the steering, disable brakes, and gain access to other data,” it expands.

The situation isn’t hopeless, however, as Wilmar offers some guidance with four tips on how to protect a connected fleet from cybercriminals:

Be cautious about installing new or unauthorised software and systems

Wilmar recommends that you only install devices and software from a trusted brand on a secure network, and only with your company’s final approval. “You should also develop a comprehensive security policy that mentions different guidelines for the fleet,” it notes. “This precaution can greatly reduce your chance of experiencing a security breach due to a malicious software update from unverified third parties.”

Control who has physical access to the company’s vehicles

Next, Wilmar advises that you store vehicles in a controlled environment where only authorised personnel can access them: “This will drastically limit the number of unauthorised people who will have access to the vehicle’s software.”

Educate employees about potential risks

Another way to prevent hackers from gaining control of your connected fleet is to properly educate employees about the danger and potential ramifications of cybercrime.“Develop different training security programmes, policies, and procedures,” urges Wilmar. “Highly trained employees will (thus) have the tools and knowledge necessary to make better decisions that can protect the fleet from malicious hackers.”

Always update the vehicle’s software

“Lastly, we recommend that you frequently update the vehicle’s software and other systems. The majority of reputable software companies routinely update their software to patch up security bugs to make it safer for use,” Wilmar emphasises.

“You may be tempted to ignore security updates, but they can help make your company’s vehicles more secure,” it continues. “Every time one of your vehicle’s devices or software is not updated, you may be leaving your fleet vulnerable to a potential cyberattack.”

US- and India-based telematics provider LocoNav offers some additional tactics for safeguarding your valuable data.

“Prioritise data access to reduce potential vulnerabilities and threats. To prevent unauthorised users from getting system access, restrict access to specific types and sets of data to just those who need to see it,” the company advises.

“Learn how and when your telematics devices will update. To guarantee that security updates take effect, study how updates happen and under what conditions they occur (such as when the vehicle is running or overnight),” it adds.

LocoNav says that you should also keep your drivers anonymous whenever possible. “You will need to track data pertaining to specific drivers at times. However, if this is not the case, alter the telematics settings to generate anonymous data trails,” it further explains.

Finally, Wilmar stresses the need to be vigilant and diligent: “Although it may be tempting to look the other way, it is critical for business owners and fleet managers to be aware of potential ramifications of hackers gaining access to your company’s vehicles and proprietary information.”