Cyber Security

Cyber Security Tips and Advice


The following content is based on the Small Business Cyber Guide and the Easy Steps Checklist published by the Australian Cyber Security Centre.

For more comprehensive information visit www.cyber.gov.au

On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020.

To coincide with this, we at TigerFleet thought that it would be a good opportunity to give an overview of some of the steps that you can take as an individual or small business to protect yourselves from cyber attacks.

To better protect yourself from cyber criminals and secure your accounts and devices, the ACSC recommends that you:

Secure your email, social media and apps

Put strong security on important accounts where you exchange personal or sensitive information such as email, bank and social media accounts.
  • Turn on two-factor authentication, such as a code sent to your mobile, for an extra layer of security.
  • Use strong passwords on your accounts. A strong password is a passphrase of at least 13 characters, made up of about four words that are meaningful for you but not easy for others to guess. For example, ‘horsecupstarshoe’.
  • Don’t use the same password on any of your accounts.
  • Consider using a reputable password manager.

Hint: Use a Passphrase

A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Passphrases are most effective when they are:

  • Used with multi-factor authentication – see below
  • Unique – not a famous phrase or lyric, and not re-used
  • Longer – phrases are generally longer than words
  • Complex – naturally occurring in a sentence with uppercase, symbols and punctuation
  • Easy to remember – saves you being locked out.

Passphrases will significantly increase security. The table below (from www.cyber.gov.au) gives some comparison on the ease of password styles to crack:

 

| Password / passphrase | Time to crack (brute force attack) | Ease to remember | Comments |
|---|---|---|---|
| password123 | Instantly | Very Easy (too easy) | One of the most commonly used passwords on the planet. |
| Spaghetti95! | 24-48 hours | Easy | Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack. |
| 5paghetti!95 | 24-48 hours | Somewhat Easy | Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack. |
| A&d8J+1! | 2.5 hours | Very Difficult | Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack. |
| I don’t like pineapple on my pizza! | More than 1 Year | Easy | Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack. |

Watch out for scam messages

Online scams and ‘phishing’ by email, SMS, social media posts and direct messaging are designed to steal your logins, credentials and personal details or to download malicious software onto your devices.

  • Check before you click links – hover over the link to see the actual web address.
  • Never enter your username or password from links in messages to your accounts – go to the official website or app.
  • If a message seems suspicious, contact the person/business through a separate, legitimate source to confirm it.

Secure your mobile and computer

  • Always use a PIN or password on your mobile and computer.
  • Always install software updates, such as those for Microsoft, iOS and Android.
  • Make sure you download apps from official stores such as the Apple App Store or Google Play for Android.
  • Install security software on your devices to protect you from malicious software.

Check public Wi-Fi before connecting

Information shared through public Wi-Fi hotspots in cafés, airports, hotels and other public places can be intercepted.

  • Turn off automatic connection to public Wi-Fi on your devices.
  • Choose to connect to non-public Wi-Fi for a more secure connection.
  • Consider installing a reputable Virtual Private Network (VPN) solution on your device.

Software Considerations Key areas

Securely organising your software can drastically increase your business’ protection from the most common types of cyber threats.

For example, your operating system is the most important piece of software on your computer. It manages your computer’s hardware and all its programs, and therefore needs to be updated, backed up and maintained.

Improve resilience, stay up to date and stay safe with these software considerations for small businesses.

Automatic Updates

An automatic update is a default or ‘set and forget’ system that updates your software as soon as an update is available.

  • Better online security
  • Improved protection (in real-time, directly by the experts) from loss of money, data and identity
  • Enhanced features and efficiencies for programs and apps.

Automatic Backups

An automatic backup is a default or ‘set and forget’ system that backs up your data automatically, without human intervention.

  • Quicker and easier to get your business back up and running if information is lost, stolen or destroyed
  • Protects the credibility of your business and helps meet legal obligations
  • Peace of mind that you’re always protected so you can focus your business efforts that deliver value

Multi-Factor Authentication

Multi-factor authentication (MFA) typically requires a combination of something the user knows (PIN, secret question), physically possesses (card, token) or inherently possesses (fingerprint, retina).

The multiple layers make it much harder for criminals to attack your business. Criminals might manage to steal one proof of identity e.g. PIN, but they still need to obtain and use the other proofs of identity. Two-factor authentication (2FA) is the most common type of MFA.

Small businesses should implement MFA wherever possible. Some MFA options include, but are not limited to:

  • Physical token
  • Random pin
  • Biometrics/ fingerprint
  • Authenticator app
  • Email
  • SMS
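How two of these factors combine at login, as an added example that is not ACSC or TigerFleet code: a passphrase (something you know) plus the time-based code an authenticator app derives from a secret stored on the phone (something you possess), computed as in RFC 6238. The `Account` class, the `login` function, the salt, the passphrase and the shared secret are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: last nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP over the number of `step`-second intervals since 1970."""
    return hotp(secret, unix_time // step, digits)


def _hash_passphrase(passphrase: str, salt: bytes) -> bytes:
    # The server stores a salted, slow hash, never the passphrase itself.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


class Account:
    """Hypothetical server-side record for one user."""

    def __init__(self, passphrase: str, totp_secret: bytes, salt: bytes):
        self.salt = salt
        self.passphrase_hash = _hash_passphrase(passphrase, salt)
        self.totp_secret = totp_secret   # also held by the authenticator app
        self.last_used_counter = -1      # blocks replay of an already used code


def login(account: Account, passphrase: str, code: str, now: int,
          step: int = 30, window: int = 1) -> bool:
    """Succeeds only when BOTH factors are valid at time `now`."""
    knows = hmac.compare_digest(
        _hash_passphrase(passphrase, account.salt), account.passphrase_hash)

    # Accept the current interval plus/minus `window` to tolerate clock drift,
    # but never an interval that has already been used.
    current = now // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= account.last_used_counter:
            continue
        expected = hotp(account.totp_secret, counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter

    if knows and matched is not None:
        account.last_used_counter = matched
        return True
    return False


if __name__ == "__main__":
    # Constructed values: the secret is the RFC 6238 test key.
    secret = b"12345678901234567890"
    phrase = "constructed sample passphrase only"
    acct = Account(phrase, secret, salt=b"constructed-salt")
    now = 59
    print("stolen passphrase, no code :", login(acct, phrase, "000000", now))
    print("stolen code, no passphrase :", login(acct, "password123", totp(secret, now), now))
    print("both factors               :", login(acct, phrase, totp(secret, now), now))
    print("same code replayed         :", login(acct, phrase, totp(secret, now), now))
```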

People and Procedures Key areas

Businesses, no matter how small, need to be aware of and consciously apply cyber security measures at every level.

Given small businesses often lack the resources for dedicated IT staff, this section addresses how you can manage who can access, and who can control your business’ information, and the training of your staff.

Your internal processes and your workforce are the last, and one of the most important lines of defence in protecting your business from cyber security threats.

Access Control

Access control is a way to limit access to a computing system. It allows business owners to:

  • Decide who they would like to give access privileges to
  • Determine which roles require what access
  • Enforce staff access control limits.

Access control systems help you protect your business by allowing you to limit staff and supplier access to your computer:

  • Networks
  • Files
  • Applications
  • Sensitive data

Peace of Mind (Part 3) – Why TigerFleet?

TigerFleet is a leading fleet management and compliance tool, with over 20 years of consultative development between industry experts and a range of transport companies. Our software platform has evolved to become a market leader, and it continues to grow and develop due to its associations with other specialist fleet hardware and software providers. 


Our Background

The software concept was first conceived by Bob (Robert) Moyle in the late 1990s. Sadly, Bob is no longer with us but the software that he was so passionate about has grown to become his legacy to the transport industry, an industry that Bob worked in as an operator and trainer for much of his life.

When it was first designed back in 2000, the software was called FleetMaster and, as all software was back then, it needed to be installed on either a company server or a personal computer, with the database kept locally. In 2010 Bob realised that the software world was changing and FleetMaster was redesigned and rebuilt for the cloud environment. The reprogramming and testing took around four years and the result was TigerFleet Management, the powerful program that we have today.

Peter Rowland has been involved with the company since its first year, initially as a designer, tester and consultant, and as the company’s senior manager since 2016. Peter has worked in the transport industry in many roles since 1984. He has fond memories of FleetMaster and can personally attest as to just how far the software has come.

In 2019, we relocated to the incredible serviced offices at the University of Wollongong Innovation Campus, to better enable us to service our client’s needs and

Our Products

TigerFleet Management

This is our flagship product. TigerFleet Management is a powerful fleet, employee, contractor and compliance SaaS platform. It has been trusted by enterprises, companies, sole traders and auditors to demonstrate compliance with national accreditation schemes and regulations. It has all of the tools you need to ensure you meet the requirements of one or multiple schemes, satisfy audit criteria, and demonstrate compliance with regulatory guidelines. TigerFleet Management has a proven track record, with 20 years of industry development, and gives you the power you need to succeed every day.

 

TigerFleet Tracking

TigerFleet Tracking is a fleet tracking, telematics and driver activity solution with a wide range of options for tracking and monitoring your assets and cargo.

Modern day logistics requires a lot of information for business optimization. In addition to GPS tracking, CANBUS trackers allow you to monitor your vehicle’s engine management system.

Advanced driver monitoring allows you to reduce operational costs, increase safety and comply with your legal requirements.

OBD-II and Engine Management (EM) Port ‘Plug & Play’ trackers can help reduce installation expenses and establish liability with real time tracking, warnings when a theft attempt or crash is detected, trace accidents & get fault reports.

BlueLink is the ideal Electronic Logging Device (ELD) to be used with smartphones or broadband tablets, for fleets looking for ELD compliance with basic fleet management. BlueLink plugs into the vehicle’s ECM port (J1939, J1708 or OBDII port), automatically detects and switches between these protocols, and sends via BLE to any ELD app the engine diagnostics data required for Fatigue Management compliance, including odometer, engine hours and engine ON/OFF. BlueLink ELD also sends additional engine data such as fuel level, fuel consumption and major engine diagnostic codes.

Other products include solar-powered and battery-powered tracking units for trailers, and an RF Tag with built in temperature sensor, specifically designed for refrigerated trailers and containers.

We also have a number of smaller Bluetooth tags and sensors, all with long-life lithium batteries (up to 15 yrs). Some have temperature or movement sensors, while others are slimline for pockets and bags or can be attached to a staff member’s keyring or uniform. Compact, versatile and water-resistant, these RF and Bluetooth tags/beacons are ideal for tracking anything, including shipments (slip inside a box of valuables or a toolbox), hand trolleys, generators, pressure washers, signs, laptops, PCs and shipping containers. With transmission ranges of up to 500 metres, they are simply placed on any asset to be monitored. They are easy to deploy and highly scalable, no IT required.

Combined

TigerFleet Tracking exports data to TigerFleet Management to help you better manage your fleet and receive real time alerts for approaching tasks. The most logical place to start was with the odometer readings, as the maintenance tasks of most vehicles are based on distances travelled. Each vehicle fitted with a TigerFleet Tracking unit reports its odometer reading to TigerFleet Management once a day, every day, so your maintenance staff know exactly how close that vehicle is to its next service.

We are working on other integrations, including engine management fault reports, fuel levels and driver hours to name just a few.

While the two software packages are powerful stand-alone systems, when combined they are a one stop, integrated solution for any company that operates a fleet of vehicles, locally or around the globe.

Our Partners

Gyrus Solutions

The engine room behind the TigerFleet Management platform and API integration is Gyrus Solutions. Gyrus Solutions is a software development team based in Kiev, Ukraine. Founded in 2003, the team has over 15 years of experience in delivering full-cycle application development services to their clients worldwide. Their core activities include Azure cloud; Android applications development; Web-based B2B and B2C solutions; Specialized client-server ERP and data processing systems; Legacy Systems and application re-engineering; Database design, consulting & optimisation; Project recovery and rescue. They provide expertise and software development with industry-wide IT technologies: Core – Windows Azure, C#, ASP.NET MVC, Java (Android), DBMS – Microsoft SQL Server, Azure SQL.

Gyrus Solutions has worked closely with TigerFleet for over five years, consistently delivering the highest standard of service. Without them, TigerFleet would not be the success it is today.

Teltonika

Teltonika have been creating the internet of things (IoT) for over 20 years now and want their products and solutions to be used globally and to become indispensable in any business. Their team of professionals is the key to our partnership with them and the quality of service that we can offer our clients. TigerFleet Tracking uses a wide range of Teltonika vehicle tracking products, each dedicated for professional applications. They constantly upgrade their existing products and launch new ones to meet the expectations of their customers. Teltonika also supplies TigerFleet Tracking with a range of accessories which are fully compatible with Teltonika Vehicle Telematics products, which enormously expands the devices’ use cases and creates huge added value for your solutions.

Wireless Links

In 2019 TigerFleet Tracking was delighted to add the powerful Wireless Links suite of devices to its platform. With this association, TigerFleet Tracking can now offer Driving Hours Logging, CANBUS plug and play solutions and Driver Vehicle Inspection Reports as part of your existing Telematics solution or as a new, state of the art solution for your business. TigerFleet will also be working on an accredited Electronic Work Diary (EWD) solution with Wireless Links. All Telematics, Vehicle Inspection and Driving Hours data will be fully integrated with the TigerFleet Management platform to further strengthen our position in the market and provide our clients with the most affordable, secure and reliable solution possible.

Nexus One

Nexus One was formed to meet the growing needs of the modern IT landscape. They are an Australian, Sydney based company, with a global reach. Their talented staff possess great enthusiasm when it comes to internet technologies; they welcome fresh ideas and try to build a culture that allows them to thrive. Nexus One hosts the mainstay of their infrastructure in the Equinix SY3 data-centre. It provides their customers with the benefits of hosting within an N+1 rated data-centre, which has state of the art facilities, including Redundant Power, Cooling and Climate Control, Fire Suppression and 24/7 Security. They also offer services in the Equinix +ME1 data-centre in Melbourne which has the same N+1 rating for customers that need a higher level of redundancy.

Nexus One provide TigerFleet with Web Hosting, VoIP, Connectivity Solutions and some Hosted Services. Nexus One look after us, so we can look after you.

Our Promise

TigerFleet has risen to its current level by listening to its customers and designing the solutions they need. We are constantly researching opportunities to deliver a better, more cost-effective and increasingly seamless software solution.

TigerFleet strives to provide its customers with the best software platform, with automated or a single data entry point, which then communicates with other leading operational, compliance and financial products.

TigerFleet will POWER its customers into the future with a software solution that continues to be outstanding value for money, reliable and of the highest quality.

We believe every business or user is unique and must be treated as an individual, yet most of the challenges of managing a fleet are very common. This application has been developed using industry best practices in terms of technology selection and feature ease of use which has been provided by industry experts.

At TigerFleet we encompass the latest technology to tackle the rapidly evolving user requirements, thus making the day-to-day tasks more automated and less time consuming. Using our system means you don’t have to concern yourself about updates and installs, your platform will simply scale as your needs grow.

With an understanding of how you manage your vehicles, equipment and employees, we can demonstrate significant administrative and operational cost saving benefits. All we need to do is cover a few key questions so that we can identify the correct solution.

TigerFleet values fairness and diversity within the workplace, and empowers its employees by showing respect for ideas and creativity, providing the training and tools for their development and engaging in meaningful consultation.

Trial TigerFleet for 14 days to experience the true POWER of a complete vehicle, staff and contractor management solution.

Peace of Mind (Part 2) – Understanding Cloud Technology

In part one of this discussion on data protection and technology we looked at some of the ways that you can protect your personal data while browsing the internet and shopping online. This part looks at the shift to cloud technology and protecting data stored in the cloud or on in-house servers.

What is Cloud Technology?

Cloud technology has been around for many years now, but the levels of trust in the security of the system and understanding of cloud-based technology vary from person to person and company to company.

Cloud-based software, simply put, is software that is stored on servers owned or leased by the software provider. The servers are typically held within secure and climate controlled third-party data centres, and all you need to access the software is an internet connection and the software provider takes care of the rest. You typically pay a subscription fee for the software and access it much the same way that you would access a website.

In House Servers

Until relatively recently, businesses that use software packages and share files and folders across their business network would have needed an in house server and a network of workstations with unique addresses. If set up correctly, a workplace network is a simple way of sharing data among employees and does not require an internet connection to operate.

With increased technology (and access to an internet connection or mobile data network) Virtual Private Networks (VPNs) and Remote Desktop Connections enabled companies to share a single network with multiple physical locations, both nationally and internationally.

Hosted Servers

Server hosting is a bit of a mix of the above, and is a service offered by network providers who run all the software that you would ordinarily house on your internal server on a remote server that they either own themselves or lease. You may have a server dedicated to your company, or you may share a partition of one with someone else. You typically rent/lease an amount of data storage space, the same as you would rent/lease office space.

As with cloud-based software, you need your own personal computer, laptop or tablet and a reliable internet connection to access the hosted server. 

Which is Better for my Business?

For many people there is something comforting about having a large server ticking away within a data room on your own premises. You know that your data is sitting in your own building, you are in control of its fate – good and bad, and you are not dependent on a third party provider and the internet speed and stability in order to get your daily work done. But, and this is an important but, you need to protect your hardware, software and data; many companies are at risk of losing their data through inappropriate backup schedules, insufficient hardware maintenance, power surges, viruses, spyware, hacking and a host of other factors.

Although high-end in house servers can be extremely expensive, and the cost of maintaining them can be high, if you are in an area where you do not have fast and reliable internet this might be your only option. Even if you do have good internet, your own server can be a more cost-effective solution for small businesses, and a lower spec server or a powerful PC might suit all your needs. 

Solid state drives offer faster, smaller and longer lasting computers, which may be an option for your in-house server, but these advantages come with a trade-off. Larger capacity solid state drives are expensive, especially for the better brands, which means that storing large amounts of data locally can be very expensive, and increasing your data storage capacity can be complicated.

Cloud-based systems (including hosted servers) easily allow for multiple users to access your important data in real time, from any device, increasing productivity, access to information and user independence. This reduces business risk and ensures a level of flexibility that on-premises equipment simply can’t offer. You would typically have a known cost per month to access the system and extra storage/users can be added as and when it is needed.

Providers of cloud services are responsible for a broad set of policies, technologies, applications and controls in order to protect the internet portals you access your data through as a client. They are responsible for ensuring the compatibility of the applications and services they provide with the browsers through which you access them. They are also responsible for the security of your information and take care of hardware maintenance, data backups and related services for you.

Although there are many pros and cons of each type of system, and an initial assessment may suggest that the on-premise solution is cheaper, if all factors are considered, cloud-based technology offers much greater value and flexibility.  

A Common Sense Approach

Regardless of what you decide, you still need to have systems in place to prevent data breaches and potential losses. In part one of this series, we discussed how poor password security is responsible for over 80% of data breaches, but leaving computers unlocked, having inadequate virus and spyware protection and sharing your login details with other people can lead to big problems. 

Even though you might have the latest and the best virus and spyware protection installed, the software you have is always one step behind the bad guys. To put it another way, the antivirus needs the virus to exist in the first place for it to be needed, so never ‘assume’ that you are protected from the suspicious email you are about to open.  

How does TigerFleet Store and Protect your Data?

TigerFleet’s main database is hosted on Microsoft Azure servers. Microsoft Azure has the largest global network, servicing 55 regions and 140 countries around the world. Each region is a set of data centres that are interconnected via a massive and resilient network. The network includes content distribution, load balancing, redundancy, and encryption by default.

Azure regions are organized into geographies, and each geography ensures that data residency, sovereignty, compliance, and resiliency requirements are honoured within geographical boundaries. Geographies are fault-tolerant to withstand complete region failure, through their connection to the dedicated, high-capacity networking infrastructure.

Microsoft’s datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability, and are managed, monitored, and administered by Microsoft operations staff. The operations staff has years of experience in delivering the world’s largest online services with 24 x 7 continuity.

TigerFleet ensures that data stored with Azure is encrypted in accordance with their standards and maintains control of the keys that are used by its cloud applications to encrypt data. Encryption of data in storage and in transit is deployed by TigerFleet as a best practice for ensuring confidentiality and integrity of data. TigerFleet uses SSL to protect communications from the internet and even between their Azure-hosted VMs.

TigerFleet has opted for Geo-redundant storage (GRS) with Azure. GRS maintains six copies of your data. With GRS, our/your data is replicated three times within the primary region. The data is also replicated three times in a secondary region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, Azure Storage fails over to the secondary region. GRS helps ensure that data is durable in two separate regions.

If a customer closes their account, they can request to have all of their data destroyed immediately. If this is not requested, their data is retained by TigerFleet for 12 months, which allows the client to export all of their data to Excel if they wish to use it elsewhere (e.g. upload to a new provider). At the end of this period, however, the data is destroyed.

Why Microsoft Azure?

Access to customer data by Microsoft operations and support personnel is denied by default. When access to customer data is granted, leadership approval is required and then access is carefully managed and logged. The access-control requirements are established by the following Azure Security Policy:

Azure provides customers with strong data security, both by default and as customer options. Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.

Microsoft helps ensure that data is protected if there is a cyberattack or physical damage to a datacenter. This includes in-country/in-region storage for compliance or latency considerations, and out-of-country/out-of-region storage for security or disaster recovery purposes.

When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before their reuse, as well as the physical destruction of decommissioned hardware. Microsoft executes a complete deletion of data on customer request and on contract termination.

Peace of Mind (Part 1) – Protect Yourself and Your Data

Our personal data is everywhere, and we can no longer afford to be blasé about our data security – if we are not taking proactive measures to prevent the use of our personal information, we are opening ourselves up to all kinds of problems.

Data breaches are inevitable, and the bad guys keep coming up with new ways to steal your personal information. If you want to protect yourself in this dangerous digital world, you need to take a proactive approach, and that means building security into everything you do online. Here are some tips you can use to protect yourself and your data in this age of data breaches.

HTTPS and SSL

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. The extra “s” means your connection to that website is secure and encrypted; data you enter is safely shared with that website. This technology is called Secure Socket Layer (SSL) and this security is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.

Any website, especially those that require login credentials, should use HTTPS. In modern web browsers, such as Chrome, websites that do not use HTTPS are marked differently from those that do. Look for a padlock in the URL bar to signify the web page is secure or look for warnings like the one below that alert you to the ones that are not.

Designate an Online Shopping Card

Shopping online is convenient, but it is important to stay safe. With so much credit card data being stolen, it has never been more important to be proactive about protecting yourself and your money. In addition to shopping only on sites that display the HTTPS/SSL padlock notification, you can also designate a single card for all your online shopping. Use that credit card whenever you shop online, then check your statements carefully for signs of fraud and unauthorized use.

Avoid Saving Your Credit Card Data at Shopping Sites

It may be convenient to save your payment information, but it is also risky. Avoid the temptation to save your credit card information and instead take the time to enter it each time you shop. This proactive measure will prevent your credit card information from being revealed in the next data breach, and may also reduce the impulse purchases that we are all guilty of.

Run Updates Regularly

One of the ways that hackers try to breach your computer’s firewall is through weak or outdated code. Most software providers release updates to their products but, when the program is running locally on your computer or server, it is up to the user or company IT department to run these updates.

Some updates are programmed to run in the background, such as those related to your computer’s operating software, while other programs are scheduled to check for updates on start up. In order for these updates to be installed or users to be notified that they are available, the computer needs to be restarted on a regular basis.

Indeed, restarting computers and other electronic devices, such as phones and tablets, is needed to ensure that programs run smoothly, so it is a good daily habit to get into.

Use Strong Security on All Your Devices

Your online security is only as strong as your weakest link, so make sure all your devices are well protected. From your tablet to your smartphone to your laptop, make sure you have strong antivirus and malware protection on every device you use.

Implementing strong security and keeping it updated is one of the best things you can do to protect yourself from the next data breach. Think of your online security as a chain, one that requires the robust participation of every link along the way.

Use a Trusted Password Manager Tool

A password manager is a tool that does the work of creating, remembering and filling in passwords – we use LastPass. Simply log into an online account for the first time and the password manager will store your username and password so every time you go back your credentials will be filled in automatically.

81% of breaches are caused by weak or reused passwords, so it is essential that each account you have has its own unique password. So how are you supposed to remember these strong, unique passwords? You can’t. But a password manager can.


In the next part of this discussion on Data Protection, we will look at Cloud Technology v Onsite Servers and outline what TigerFleet does to ensure your data is safe.