How Cyber Aware Are Your Yacht's Crew?

With cybercrime becoming a growing global issue, can you afford not to be cyber aware? What does it even mean to be cyber aware? 

Maybe the yacht you’re working with has experienced some kind of cyber-attack, or you’ve fallen victim to malware or ransomware, or had your social media accounts hacked. In this hyper-connected world we all live in, it’s all too easy for us to fall into the cyber criminals’ traps. 

We, as people, are the first line of defence against any cyberattack – unfortunately 95% of all security breaches are caused by human error, mainly by email, and primarily by phishing. 

Hackers are able to compromise corporate data and systems with relative ease, and on a regular basis. The main reason continues to be a lack of cyber security awareness – people utilise poor practices that expose data, leaving it unprotected and vulnerable to theft and breaches. 

The COVID-19 pandemic has had a massive impact on cyber security, with online scams increasing exponentially. Google revealed they were blocking more than 18 million malware and phishing emails related to COVID-19 every day – and that’s just one of the methods cyber criminals like to use. 

It’s important that the yachting industry realises it’s no different to any other industry in this regard; in fact the industry is a prime target, with cyber-attacks generally being more frequent than ever and becoming a simple fact of life, it’s natural to assume yachts become a target too. 

How to become more cyber aware?

 There are a number of simple steps which can make all the difference in protecting yourself and the people around you from a cyberattack. The first and simplest thing is just to talk about it. Bring it up in conversation with peers and family – there are some great statistics you can use as a conversation starter. 

• Only 3% of employees and individual users are able to spot complex phishing emails. 

• In 2019, one in two companies fell victim to a ransomware attack. Almost 40% of these companies had to pay the requested ransom. Hackers demanded an average of $84,000 in ransom. 

• Cybercrime costs organizations $2.9 million every minute, and major businesses lose $25 per minute as a result of data breaches, according to RiskIQ research. 

• A major data breach saw the details of 412 million FriendFinder users stolen in 2016, while a hack of Under Armor’s MyFitnessPal app in 2018 affected 150 million users. 

If the yacht you are working with is going through some type of cyber audit, be sure to check if that includes training and awareness for all the crew, from junior deckhand through to captain. In fact, it’s the younger members of the crew who present the biggest risk to data and yacht systems; without knowledge of the basics, it’s all too easy to inadvertently introduce malware to your device or to the ship’s networks you are connected to. 

One of the best ways to reduce the chance of a yacht suffering a cyberattack is therefore to train the crew. Armed with the appropriate knowledge we can practice good cyber hygiene in our daily lives: use strong passwords, back up devices, update software, avoid clicking on suspicious links and identify phishing emails. These steps, practiced in our daily lives, will surely transfer to the workplace as a matter of course. 

Being cyber aware doesn’t mean you need to be the next big hacker or have in-depth knowledge. As already alluded to, there are some simple steps you can take and a certain amount of knowledge goes a long way. 

Pelion Consulting is partnered with Cyber Prism, a UK based cyber security company working with Warsash Maritime School to offer cyber security training tailored to the yachting industry and yacht crew. 

The training includes two levels: one for all crew and the other for the nominated Cyber Security Officer on board. Not only are the courses very interesting and informative, they also contribute to a crew member’s continuous professional development, ensuring you get real value from taking the course. 

Some cyber security basics to get started

 If you don’t think you’re at risk, take into account whether you have ever opened a questionable email, clicked on an anti-virus pop up or if you reuse login passwords? 

We’ve all been there or seen it. Check out these six essential security steps: 

• Use a VPN to protect your online privacy - this encrypts your data locally and helps prevent criminals seeing your data. 

• Minimise use of public WIFI - you don’t know if it’s legitimate, or who is eavesdropping. If you have to use public WIFI, certainly use a VPN. 

• Create better passwords and change them regularly by using a password manager. 

• Try not to use sites that don’t use SSL - look for the padlock where you type in the webs address. 

• Keep up to date versions of software on your devices and bear in mind the terms and conditions.

• Look out for phishing emails. If you are not expecting an email or it looks too good to be true, delete it. If money transfers are involved, always double check with the sender.

For more information contact Richard Hodder at Pelion Consulting: rh@pelion-consulting.com