If it seems that hardly a day goes by without news of yet another data breach at yet another company, you’re not imagining things. According to data security firm Varonis, there were 5,250 confirmed breaches in 2021—an average of about 14 a day. Given the damage such breaches can do to a company and the costs they can extract, it begs the question: What is your fleet management company (FMC) doing with your data? If you’re not sure, begin by asking these seven questions.
1. “Are you encrypting our data?”
“Surprisingly, many companies don’t encrypt or, if they do, aren’t adhering to the newest standards and the latest best practices,” said Brian Bathe, VP, Information Technology Services at Mike Albert Fleet Solutions. “Encryption is essential for commercial fleet data systems, and the encryption method should meet the standards set by the National Institute of Standards and Technology.”
Bathe added that data in transit can be more challenging to protect and more at risk than data stored in a secure device. “So,” Bathe added, “be sure your vendor is leveraging the latest SSL standard.” Short for “Secure Sockets Layer,” SSL provides data security between a server and its client, in other words, between, say, a website and a browser. “This is a popular entry point for hackers,” said Bathe.
2. “Who has access to our encryption keys, and how are they protected?”
Encryption doesn’t mean anything if the key to unlocking it all isn’t secure. Encryption keys, if not adequately protected, are also vulnerable to hackers. Bathe, who honed his skills in managing highly sensitive data in the healthcare industry, said that the encryption keys should be secured appropriately and have backups in different locations. This will help ensure the most secure fleet data management.
3. “Are your systems regularly reviewed for all relevant updates?”
Bathe said that software and system updates often include security patches and improvements that, if not made, can leave fleet tracking and fleet reporting data vulnerable. “Remember that while some of your data may not seem particularly sensitive,” said Bathe, “hackers can use it as a steppingstone to more sensitive and lucrative data.” Bathe suggested that every FMC should implement every update as quickly as possible.
4. “Do you stress-test your systems?"
According to Bathe, complacency has no place in data security. “The moment you let your guard down and assume everything is as secured as possible is the moment when you inject some vulnerability into your system,” he said. “You have to regularly test your fleet data management systems to prove that they’re as robust as possible.”
5. “Who will have access to my fleet data?”
“Not everyone at an FMC needs access to a client’s data,” Bathe said. “And those who do have access need not have access to it all.” For instance, only a couple of people likely need access to banking and credit card information. “An FMC employee should only be able to access the data they need to do their specific job in service to their clients, and no more. Period,” said Bathe.
6. “How do you secure the physical spaces where our servers sit? And do you have disaster plans in place?”
Bathe likes to remind everyone that data security isn’t just a matter of ones and zeroes. There’s the physical aspect of data security, too. For instance, does your FMC situate its servers in a temperature-monitored room behind locked doors with limited access? Is there a video surveillance system in place? Are there plans in place should fire, flooding, or some other disaster strike?
With so much data in the cloud these days, Bathe said that fleet owners should ensure that their data resides with reputable vendors, such as Salesforce or Amazon, with their own highly robust security measures and disaster plans.
7. “Do you have your fleet data management audited?”
No matter how diligent an FMC may be about their data security, there’s always something to be gained from an outside perspective, Bathe said. “At Mike Albert, we rely on one of the ‘Big 4’ accounting firms to perform an annual IT audit,” he said. “It’s easy for everyone to get so close to their work that they can unintentionally miss something. Outside auditors keep us on our toes.”
Posing these seven questions to your FMC will help qualify them and give you peace of mind that your data is in good—and secure—hands.
Did you enjoy this class?
Share it with your organization and colleagues.