Gard Club in collaboration with DNV GL explain what are the possible cyber threats and how we can mitigate them or prevent them. Cyber threats are dynamic and can quickly change, for this reason seafarers must be very careful, in order not to put their personal or the ship’s information at risk.
Namely, the easiest way for cyber criminals to attack is through negligent or poorly trained individuals. What is more, many crewmembers still doubt the importance of cyber security on their ship. But this is not true.
Cyber security needs proper trained staffing to understand the full value of technology investments and the IT procedures. In order to engage more people in the subject, Gard suggests creating an analogy between the cyber threats and the other dangers of the maritime adventure.
Today, any company can be vulnerable to cyber risks. These can include:
- Social engineering: Hackers attempt to gain critical information;
- Electronic GPS spoofing: The creation of problems in the GPS info;
- Phising scams: Attempts to gain personal information by scam e-mails.
These attacks are happening more and more, but the good news is that there are ways to prevent them.
Do not let anyone uninvited into the system
This will be achieved by:
- Securing the computers, by using antivirus and updating the systems;
- Update ship operation systems;
- Use only company-approved software.
- Be very careful about the e-mails you are receiving;
- Search the facts, such as the name of the person/company that sent the e-mail.
Infiltration by malware
In order to prevent a cyber criminal by infiltrating through a malware:
- Never insert anything on the computer before making sure it is clean;
- Check the device that you want to insert offline for viruses;
- Do not let third parties enter data alone.
Just like a door, computers must be protected physically as well. This can be done by:
- Using ID card authentication;
- Using long passwords of at least 8 characters that contain upper and lower letters, numbers and symbols;
- Protect your passwords.
- No personal items must be connected to sensitive networks;
- Secure the stations for file sharing;
- Be careful what you share online and put tape over the camera and laptop on your computer.
In case of an attack
In case an attack does happen after all, Gard Club and DNV GL, recommend three steps that must be done immediately after the attack is noticed:
- Follow the company’s procedures;
- Report immediately to the supervisors;
- Never pay the ransom and follow the company’s procedures.