Are you the weak link in your supply chain?

Are you the weak link in your supply chain?

My Dad is a specialist in aircraft leasing.  He used to manage the portfolios of global finance companies aircraft leasing to major airlines.  He has been in the industry since he left the Navy, after a career of 40 years he is a pro.

All luxury assets have a supply chain that can be broken
All luxury assets have a supply chain that can be broken.

 

Of course Dad no longer works full time, but he loves his industry and he still works.  He works on behalf of the Aircraft manufacturers and assists them structuring one off deals where they are selling a single aircraft.  Usually to a High Net Worth Individual or a corporation.  The deals can be quite large, somewhere in the region of the price of a private jet.

He manages the transaction from inception to closing and has such a deep knowledge of the process that he can eliminate a lot of friction for the buyers and sellers alike.  He adds value that’s hard to find unless you have had the experience.

In that sense, he is like many of us within the Superyacht Industry; competent, with valuable relationships providing a service built on trust.

But he has a weakness.  He doesn’t have any awareness of threats from cyber space.  The concept of someone intercepting his communications and disrupting a deal by re-routing the deposit or by gaining a commercial advantage by monitoring his communications does not occur to him.

In his defence, one would have to say that this has never happened.  He has never been hacked, clients have never suffered and there is no reason that should change.

He doesn’t have a linked in profile, his Facebook account is only connected with his kids and his WhatsApp account provides the often accurate update that it is still raining in Ireland.  Even if he did nothing, things will probably be okay.

Unfortunately that is not true any more.  Cyber security incidents in the Superyacht Industry and targeted at high net worth individuals and the companies surrounding them are increasing.

Anecdotally I have mentioned specific examples to people, but I can mention them here unless they guide would be cyber criminals to soft targets within our industry that are still in the stage of taking defensive action.

Counter-measures against cyber crime in the Superyacht industry are being taken reactively, usually in response to an incident.  The problem is top-tier cyber-criminals leave no trace of their presence.  They may monitor companies for months or years awaiting the opportunity to pull off a huge heist or they may commit crimes one or two degrees removed from their source, commercial espionage or theft of details allowing them to commit fraud against a companies clients, supplier or employees.

What is certain is that money has been stolen from companies working in the Superyacht Industry through cyber fraud.  Vessel Managers have discovered undisclosed VPNs connected to yachts at sea and Phishing campaigns targeted at the yachting industry are well underway.

We have covered ourselves by covering the basics,

  • Implementing procedures and policies around information security
  • Having penetration testing conducted against our business
  • Having specially adapted laptops for foreign travel to high risk areas for hacking (think Russia, Ukraine, Nigeria, China)
  • Training employees in Social Engineering techniques and how they can be manipulated by outsiders
  • Training Employees in effective password management and privacy
  • Installation and regular updating of Firewall and Anti-Virus
  • Selection of computer peripherals such as mouses, keyboards, printers etc which are harder to hack.

So I couldn’t just write an article highlighting all the ways my dad is vulnerable without helping him mitigate those measures.  He isn’t a business, he is a one man consultancy and he does not need the full package of security measures, he just needs some advice.

So we helped him out with the basics,

  • Automatic software updates.
  • Selecting the right (read secure) wifi router
  • Advising him on using a Password Manager
  • Anti-virus and firewall installation
  • Iphone Software updates
    • He does not actually need these because his phone is so basic you would need a screwdriver to hack into it.
  • Minimising the accessibility of his Facebook profile to people outside his network
  • Putting a piece of tape over his laptop camera.
  • Using a 200 character password instead of his mothers maiden name.

You can never know that you are 100% safe.  But whereas before hacking into my Dads network was as easy as sending him a phishing email for Dartmouth Class of ’58 Reunions, or pulling up outside with a high power wifi aerial now its going to be a lot harder.  What is more important, if someone does compromise his security, he will know that it has happened and be able to do something about it.

Author’s note:  Please do not send my father emails purporting to be Dartmouth Class of ’58 reunions. He will almost certainly click the link.