October is filled with Halloween costumes, jack-o-lanterns, and scary movies. It’s also National Cybersecurity Awareness Month – a good time to highlight a particularly spooky subject in the chemical distribution industry: cybercriminals and their increasingly advanced attempts to steal chemicals.
A recent report released from the Office of Private Sector (OPS) found a rise in the number of phishing cases reported to the FBI by National Association of Chemical Distributors (NACD) members between March 2022 and May 2022. The report stated that fraudulent abettors are posing as companies, contacting chemical distributors by email or phone, and attempting to open a line of credit to buy various chemicals that are integral to products we need for our daily lives, but can also be used for illegal purposes.
NACD is taking this issue very seriously, and so should the entire chemical industry. It’s our responsibility, as producers, distributors, and handlers of chemical products, to not only abide by federal rules and regulations but to uphold the highest standards of responsibility to best protect our customers and communities.
There are two major changes chemical handlers can implement if they haven’t already. First, be proactive and train your employees to know when they are dealing with a fraudulent call. Your workers are one of the most vulnerable targets for hackers and the key to securing your company for years to come. Companies should provide cybersecurity training to employees to help them stay up to date on the latest tactics, identify suspicious activity, and ask the right questions when a caller's demeanor seems abnormal.
Chuck Brooks, President of Brooks Consulting International, Cybersecurity and Emerging Technologies expert says, “anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization, or a website you may frequent.” The responsibility of identifying a fraudulent caller is a great deal of pressure to put on just one employee, and we encourage members consider a second set of eyes to boost the likelihood of catching potentially malicious orders before they ship. Another best practice is to know your customers, their employees authorized to make orders, the types and amounts of chemicals they typically order, and to contact them directly before fulfilling any questionable orders.
The growing number of phishing attacks also brings attention to the importance of cyber hygiene, including strong passwords, multifactor authentication, and installing good anti-malware software and updating it regularly. By requiring multiple credentials before granting access to user accounts or systems, companies have a strong basis from which to counter even the most complex cyberattacks. The more obstructions an opponent faces, the more likely they will forgo their mission.
NACD’s highest priority is the safety of our members, their customers, and the communities in which they operate. NACD advises our members to proactively follow the Cybersecurity and Infrastructure Security Agency (CISA) protocol should a breach occur. If you suspect any suspicious activity in your facility, please notify CISA and NACD immediately. Include the facility name, address or location, contact information, and specific security concerns in your report, if possible. CISA will review and consider the information provided to take appropriate action. You can also visit NACD’s Security Issue Page or CFATS resource page to learn more about cybersecurity best practices you can carry out not only this October, but all year long.
Read more about how CISA and one NACD member are tackling chemical fraud attempts in the upcoming Q4 issue of NACD’s Chemical Distributor Magazine.
You must be logged in to post a comment.