Cybersecurity Basics — How to Protect Your Business

Cybersecurity basics — how to protect your business

Published on July 30, 2018 in Fleet Management by Geotab Team |  3 minute read

Help protect your business against cybercrime by reading about cybersecurity basics. Links to more learning resources included.

Cybersecurity has quickly become a critical investment for businesses, with its rapid growth fueled by the surge in cybercrime and growing technological advances. So, you’ve got an antivirus installed on your corporate computers — does this mean your business is covered?


The short answer is no.


Cybersecurity has become an exponentially growing challenge and is immensely broad. There are countless creative ways a system can be compromised by cybercrimes and these ways continue to change on a daily basis. That being said, a wide range of protection needs to be considered and constantly re-evaluated for any company. While an antivirus software is a great first step, malicious attackers are finding new ways to compromise your system beyond what a simple antivirus program can defend against.


This blog outlines the basic elements to arming your company against cybercrime, according to best practices recommended by the National Institute of Standards and Technology (NIST).


See also

Federal fleet manager cybersecurity considerations for elematics

What you need to know about the FBI notification on electronic logging

How to protect your business against cybercrime

1. Define your company’s framework

To protect any organization, you must be aware of all aspects of the organization that could be at stake. It is important to clearly understand the company’s structure, which includes defining roles and relationships among all the technology used, the processes in place, and the people involved with the company and data.


A public example of a framework for the United States critical infrastructure can be found here, where it is broken down into smaller frameworks for each sector.


2. Identify what needs protection

Once you understand a company’s framework, the next step is to assess the scope of the data that needs to be protected. Key elements include identifying who has access to what data, how changes to this data are tracked, and what procedures are in place regarding this. It is important to be comprehensive and extensive so that all aspects of the company’s data are protected. An organization’s security is only as strong as its weakest link.


3. Assess risks

Next, the vulnerabilities within a company need to be assessed and the possible impacts for each resulting risk modeled. The company needs to determine which risks are worth accepting (low risk or impact) and which need to be mitigated (high risk or impact). Useful tools to determine this are vulnerability scanners (passive) and penetration testers (active), which can be used in-house or contracted out.


More from this author: Open data and big data privacy [White paper]


4. Protect accordingly

Once the risk assessment is complete, it’s time to ensure appropriate protections are put into place. There are countless best practice procedures to follow for protection, such as:

  • Employees: Provide employees minimum access to data and only as needed. Train employees in basic cybersecurity practices to minimize internal accidental risks. Set up web and email filters to further prevent users from running into harmful malware.
  • Physical security: Protect your physical equipment via an uninterrupted power supply (UPS) system or surge protectors, store it at the recommended temperature, and keep it in a locked environment. Install physical security systems and take regular back-ups to help protect and minimize damage from physical security incidents.
  • Software: Maintain updated operating systems, and apply patches regularly to ensure third-party software risks are minimized. Use firewalls on all business networks and encrypt all sensitive data to further protect your company’s data.

5. Plan for incidents

Regardless of how many resources are used to protect your company, there is still a chance for a security incident. An incident response plan should be established. This plan should include ways to detect a breach (antimalware programs and baselines) and a set process on how to respond accordingly. An adequate plan protects your company by minimizing the time it takes to detect an incident and build a plan to stop the incident’s damage.


The National Institute of Standards and Technology (NIST) has published a comprehensive Computer Security Incident Handling Guide, available here.

Glossary of cybersecurity terms

Cybersecurity — The act of working to prevent unlawful events in cyberspace by detecting and responding to cyber incidents. Read more:


Framework — Through a collaboration of private industries and governments, the Cybersecurity Framework includes voluntary standards and guidelines, as well as recommended best practices for businesses to follow in an effort to prevent cybercrimes. Read more:


Malware — Also called malicious software, malware is a type of computer virus capable of stealing information from the computer including personal information. There are different forms of malware, such as spyware which can actually record keystrokes and monitor what’s happening on your computer. 


Read more:


Ransomware — Another type of malware but unique to others, ransomware takes information from a computer and demands some sort of ransom from the user, usually a financial sum, before they return the information. This type of a cyber attack can be especially harmful to businesses as it can stop them from operating altogether. 


Read more:


Social Engineering — Social engineering is a type of cybercrime that uses people’s personal information to gain access into a system. One of the most common form is phishing. This is when an email or website tries to get a user to give over some piece of information that can be used to get into a company’s network. 


Read more:

Stay in the lead

There is a constant race between cybersecurity and cybercrime. While there are countless commercial solutions available that can better arm your system, your organization should have a dedicated cybersecurity team. This team should constantly evaluate, implement, and enforce the company's policies involving the framework, its data scope, the risk and associated measures of protection, and the incident response plan. With diligent action and proper planning, your company can stay ahead in the ongoing race against cybercrime.


Stay up-to-date with the latest fleet management best practices by subscribing to the Geotab monthly newsletter.



Building a platform resilient to cyber threats

Digital responsibility: Protecting the lifeblood of value and innovation

If you liked this post, let us know!

Geotab Team

Geotab Team

The Geotab Team write about company news.


Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.

Get industry tips and insights

Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.

Republish this article for free

Other posts you might like

Two women in a business meeting sitting in front of charts and a laptop

Empowering Success: Unleashing the Domino Effect of Connected Women

Insights from Women in Fleet Leadership at Geotab Connect

February 16, 2024

Person standing behind a container with signal illustration

How asset tracking drives risk management and lower insurance costs

Learn how asset trackers improve risk management and reduce insurance costs in transportation and logistics, featuring expert insights from Marsh, a leader in insurance and risk advice.

February 15, 2024

multiple vehicles on the road

What is ADAS?

ADAS are in-vehicle technologies designed to enhance vehicle safety and assist the driver in better controlling the vehicle.

January 12, 2024

A lineup of white trucks in a parking lot

How to rightsize your fleet in five simple steps

Fleet rightsizing is an important strategic exercise that ensures your assets are sufficiently utilized and that you have the right type of vehicle, at the right locations, available at the right time.

December 18, 2023