When you think of cybersecurity awareness training, what immediately comes to mind? Annual required cybersecurity videos? Multiple choice quizzes? Generic “don’t click the link” training?
Unfortunately, for many organizations this is what the entire cybersecurity awareness program for employees looks like. In addition, there is a large portion of the employee base in most trucking companies that is left out of all cybersecurity training entirely: Drivers.
Don’t forget the drivers.
Drivers make up the majority of employees in most trucking companies. Why, then, are we not providing them with cybersecurity awareness training to keep them safe from social engineering attacks, scams, and cargo thieves?
I have spoken to many trucking companies that have not historically been providing their drivers with this type of training. Their answers to these questions vary in specifics, but typically sound something like this:
- Our drivers can’t access company email.
- Our drivers have no access to our company networks (more on this later)
- Our drivers don’t work at computers like our internal staff.
You get the idea. Many fleets see drivers as unrelated to enterprise technology, removed from risks associated with corporate email, and otherwise not in need of cybersecurity awareness training at all.
Unfortunately, this could not be further from the truth.
Truck drivers use tablets, smartphones and other connected devices all day every day. They work from rolling network devices every time they climb into a truck with a Wi-Fi hotspot, use a connected tablet, or pick up their smartphone device.
Will the standard one-size-fits-all training be effective with our drivers? No. Its effectiveness with our back-office staff is already arguable at best.
So, what’s the answer?
There are multiple responses:
- Tailored, role-specific training that focuses on the real workflows that our drivers follow.
- Short, direct training in plain language that does not alienate our less tech-savvy drivers and respects the busy schedules and tight time pressures that many drivers operate under.
- Training that is reinforced on a regular basis in conversation with safety teams, dispatchers, and driver liaisons.
When we provide targeted and effective training to our drivers, we take a potential security gap (an employee unaware of the cyber threats they face) and turn it into a strength (well-educated employees are an undeniable asset to the security posture of the company).
Drivers are not immune to scams
I spoke on this topic recently at an event, where I shared a story about a driver that I’d worked with previously fell victim to a romance scam online.
This type of scam often has many red flags along the way if the target has appropriate awareness training. However, in this case the driver did not and ended up losing their entire savings to this scam, thankfully. These and similar stories play out across our industry every day. This is avoidable.
When we provide training on phishing awareness; the need for strong, unique passwords; multi-factor authentication (MFA); and proper device hygiene, we help to take an employee out of the “low-hanging fruit” range and make them a much harder target for the cybercriminal.
When we ditch generic click-through training and replace it with training that is understandable, meets the employee where they are and specifically relates to the workflows, communication methods and devices that they use every day, the training sticks.
When we move the needle on security awareness and our drivers become cyber-savvy, they are safer both personally and professionally. Their value to the company also increases as their risk exposure is reduced, and they are more likely to spot scams and attempted cybercrimes early — and know how to report them and who to report them to.
It is important to remember that cybercrime is no longer a strictly digital threat. Cargo thieves utilize many of the same tools, techniques, and procedures as traditional cybercriminals to facilitate fraud and theft of cargo.
Drivers are often the first ones to see the warning flags for some of these attacks. Smishing (SMS-based phishing), impersonation and attempted load redirection are all tactics that provide the opportunity for a well-trained employee to spot the scam before it is effective and are all tactics that target drivers specifically.
As an industry, we need to ditch the generic training that results in more “eyerolls” than measurable improvements in cybersecurity awareness and replace it with tailored, role-specific training that directly addresses the actual threats that our teams encounter every day.
This is not a hard transition to make; it simply requires an awareness of the threat landscape, and knowledge of the workflows and tools utilized across the organization. The resulting awareness levels across our teams increase exponentially.
If you need help getting started, contact me at [email protected].
Ben Wilkens, CISSP, CCSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association Inc. (NMFTA).
In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.
Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.
Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.
With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.
