Nine ways your fleet management company should protect you from data breaches

Today’s fleets rely on data to maintain safe and efficient fleet operations—but that data is valuable to more than just fleet owners.

If it seems that hardly a day goes by without news of yet another data breach at yet another company, you’re not imagining things. In fact, there were 4,145 publicly disclosed data breaches globally in 2022 alone, and according to IBM, the global average cost of a data breach hit a record high in the same year. Given the damage such breaches can do to a company and the costs they can extract, it begs the question: What is your fleet management company (FMC) doing with your data? If you’re not sure, begin by asking these nine questions.

1. “What data is being collected and stored?”

“Malicious actors don't need to have a lot of information to start doing real damage,” according to Brian Bathe, VP, information technology services at Mike Albert Fleet Solutions—so it’s important to be aware of what data is being collected in an FMC’s data management system, and how it could potentially be used by scammers. Things like first and last names or home addresses can be leveraged to build more sophisticated and convincing phishing scams. The same is true of certain telematics data—“information like the location of a vehicle can give a bad actor a lot of insight into a target’s lifestyle,” Bathe says.

2. “Are you encrypting our data to shield us from data breaches?”

“Surprisingly, many companies don’t encrypt—or if they do, aren’t adhering to the newest standards and the latest best practices,” says Bathe. “Encryption is essential for commercial fleet data systems, and the encryption method should meet the standards set by the National Institute of Standards and Technology.”

Bathe added that data in transit can be more challenging to protect and more at risk than data stored in a secure device. “So,” Bathe adds, “be sure your vendor is leveraging the latest SSL standard.” Short for “Secure Sockets Layer,” SSL provides data security between a server and its client, in other words, between, say, a website and a browser. “This is a popular entry point for hackers,” says Bathe.

3. “Who has access to our encryption keys, and how are they protected?”

Encryption doesn’t mean anything if the key to unlocking it all isn’t secure. Encryption keys, if not adequately protected, are also vulnerable to hackers. Bathe, who honed his skills in managing highly sensitive data in the healthcare industry, says that the encryption keys should be secured appropriately and have backups in different locations. This will help ensure the most secure fleet data management.

4. “Are your systems regularly reviewed for all relevant updates?”

Bathe notes that software and system updates often include security patches and improvements that, if not made, can leave fleet tracking and fleet reporting data vulnerable. “Remember that while some of your data may not seem particularly sensitive,” he says, “hackers can use it as a stepping stone to more sensitive and lucrative data.” He suggests that every FMC should implement every update as quickly as possible.

5. “Do you stress-test your systems?"

According to Bathe, complacency has no place in data security. “The moment you let your guard down and assume everything is as secured as possible is the moment when you inject some vulnerability into your system,” he says. “You have to regularly test your fleet data management systems to prove that they’re as robust as possible.”

6. “Who will have access to my fleet data?”

“Not everyone at an FMC needs access to a client’s data,” Bathe says. “And those who do have access need not have access to it all.” For instance, only a couple of people likely need access to banking and credit card information. “An FMC employee should only be able to access the data they need to do their specific job in service to their clients, and no more. Period,” says Bathe.

7. “How are employees trained on data management and security?”

While only certain individuals or teams will need access to fleet data, it’s important for everyone within the organization to understand the importance of data security—because many data breaches are ultimately the result of human error.

That’s why establishing security policies and prioritizing ongoing education are so critical, says Bathe. “Developing standard operating procedures and comprehensive security training should be a basic component of any FMC’s data security system set-up,” he notes. All employees should be educated on company cybersecurity and technology policies, as well as on how to detect and report phishing attempts and other potential security threats.

8. “How do you secure the physical spaces where our servers sit? And do you have disaster plans in place?”

Bathe likes to remind everyone that data security isn’t just a matter of ones and zeroes. There’s the physical aspect of data security, too. For instance, does your FMC situate its servers in a temperature-monitored room behind locked doors with limited access? Is there a video surveillance system in place? Are there plans in place should fire, flooding, or some other disaster strike?

In addition, with so much data in the cloud these days, Bathe says that fleet owners should ensure that their data resides with reputable vendors, such as Salesforce or Amazon, with their own highly robust security measures and disaster plans.

9. “Do you have your fleet data management audited?”

No matter how diligent an FMC may be about their data security, there’s always something to be gained from an outside perspective, according to Bathe. “At Mike Albert, we rely on one of the ‘Big 4’ accounting firms to perform an annual IT audit,” he says. “It’s easy for everyone to get so close to their work that they can unintentionally miss something. Outside auditors keep us on our toes.”

Posing these nine questions to your FMC will help qualify them and give you peace of mind that your data is in good—and secure—hands.