Cybersecurity Awareness For The Yachting Industry

Oct 19, 2024 | News

In the yachting industry, cyber threats are becoming increasingly prevalent. As technology advances, so do the risks associated with it. 

Yachts and shore-based companies are more connected now than ever before. This makes them attractive targets for cybercriminals looking to exploit vulnerabilities.

In this article, I discuss cybersecurity for yachting companies. 

Understanding and implementing effective cybersecurity measures is crucial to protect your assets and information in the digital age.

Understanding the Cyber Threat Landscape in Yachting

With cybersecurity an ongoing topic, when was the last time you changed your passwords and checked your software and plugs-in were updated?

Make security your priority – for your staff, your website, and in-house systems.

I freelance for a lot of clients.

And I am always shocked that yachting companies are so relaxed about security; many have no procedures or guidelines at all.

Yachting companies will gladly share everything with multiple freelancers without a second thought, including logins for control panels, hosting accounts, social media accounts, and websites.

Believe it or not, I have encountered some superyacht companies who DO NOT KNOW who has access or the passwords to their analytics, domain, social media or website.

On vessels themselves and in shore-based businesses, if you run a cyber risk assessment, you can be sure that default passwords have been left on critical devices.

pastedGraphic.png

Understanding the cyber threat landscape is the first step towards enhanced cybersecurity. This includes being aware of the types of threats, such as malware, ransomware, and deliberate malicious acts that target systems, persons (via social engineering), and data, to compromise a vessel or yachting company ashore.

Yachts are particularly vulnerable to cyber threats due to their reliance on technology. From navigation systems to onboard entertainment, technology is integral to the modern yachting experience.

Matthew Roberts, a yachting cybersecurity professional, raised a vital point a few months ago: The implications for cyber security with having more AI and metaverse applications. Social engineering, phishing, and scams are getting hyper-personalised with voice, video, and image generation when they are being ‘trained’ by your social media content.

I’ve had feedback that one yacht management company signs a one-pager to say their vessels are cyber secure – not exactly a glowing report about the technical, operational, and organisational measures to manage cybersecurity risks.

Essential Cybersecurity Measures for Yachting Companies

Without proper cybersecurity measures, personal data, onboard systems, and even the safety of guests and crew can be compromised. A comprehensive cybersecurity strategy should include a range of measures. These can range from technical solutions, such as firewalls and encryption, to organisational measures, such as staff training and incident response planning.

Here are some essential cybersecurity measures for yachting companies:

  • A dedicated cybersecurity team or expert.
  • Secure and encrypted communication channels.
  • Regular software and system updates.
  • Regular training and awareness programs for crew and staff.  This helps everyone understand the importance of cybersecurity and their role in maintaining it. Basic security processes should be in place, such as strong passwords and two-factor authentication (2FA) or multi-factor authentication (MFA).  By fostering a culture of cybersecurity, companies can ensure that their staff are vigilant and proactive in identifying and responding to potential threats. This collective effort can significantly enhance the overall security of a yacht or a company.
  • A comprehensive cybersecurity policy and incident response plan involves identifying, assessing, and mitigating cyber risks – this applies to both yachts and companies ashore. It outlines the company’s approach to managing cyber risks, including the roles and responsibilities of staff, the procedures for handling sensitive data, and the steps to take in the event of a cyber incident. Equally important is an incident response plan. This plan provides a clear roadmap for responding to a cyber incident, minimising the impact, and recovering as quickly as possible. It’s a vital part of any cybersecurity strategy, ensuring that companies are prepared for any eventuality.
  • Cybersecurity insurance to mitigate financial risks.
  • Regular cybersecurity audits are crucial for maintaining the security of yachts and shore companies. These audits involve a thorough examination of the company’s cybersecurity measures, identifying potential vulnerabilities and areas for improvement.

A few extra considerations from my perspective as a freelancer:

Contracts: Sign a proper contract with employees and/or freelancers covering scope of work, non-disclosure and non-compete clauses. Make sure you define your intellectual property clearly, including confidentiality, trademarks and patents. Note for Freelancers: Before starting a project, it’s essential to weigh the pros and cons, assess your risk tolerance, and put an agreement in place accordingly.

Administrator Access: Make sure you monitor the access privileges; sometimes you need to grant a freelancer Administrator rights. If you do, then put it in the freelancer’s contract that they may only use the access control to enable them to use the assets to fulfil their duties. You should not post any sensitive login information in the chat feeds for WhatsApp or Facebook Messenger.

Offboarding: When a freelancer finishes a project or an employee leaves your company, you need to follow proper offboarding procedures. E.g. All access control should be removed (this includes in-house systems, social media access, advertising portals, and the backend of your website). Note for Freelancers: Be proactive and let the client know you are mindful of THEIR security, give proof that you have deleted the files/copies from your systems and computer.

By implementing these measures, yachts and yachting companies can significantly reduce their cyber risk and ensure the safety and privacy of their clients.