CYBER SECURITY TIPS – FOR SUPERYACHT CREW

5th June 2020

The rapid spread of COVID-19 Globally has tested the IT competency of many superyachts to keep their crew in contact to perform their duties remotely (perhaps more prevalent for Captain’s and other Heads of Department) if they have been stranded, or to ensure communications are adequate for crew who have been locked down onboard. Unfortunately, not all were fully prepared for this rapid shift to remote working and with restrictions easing in many places in Europe both remote and new crew will be joining their yachts in the coming weeks. The need for Captain’s, ETO’s and Engineer’s to respond quickly to these events and ensure the yacht operations continue can leave their yachts and crew exposed to increased cyber risks.

For Superyacht Crew, here are our 5 top tips to keep cyber safe online:

1. Know your cyber risks

You will be relying heavily on your ETO/Engineer/IT support/security team/supplier to do what is necessary to secure your data and your crew in this new paradigm.  Weaknesses in your superyacht defences may be more hidden now everyone has been working from home or while yachts have had skeleton crew over the past months.
However, it is recommended to complete a 3rd party cybersecurity assessment, or audit those defences to make sure you are as safe as you think you are and perhaps also address limitations of your infrastructure that may have been highlighted since the worldwide lockdown. Riela Cyber has developed a ‘Roadmap to ISM Compliance for Cybersecurity’. It has been highlighted to us when talking to crew within the industry that there isn’t a cybersecurity company currently offering an entry-level product to help crew, management and their owners to start addressing the subject of cyber ahead of the 2021 regulations.
We have listened to the industry and developed a top-level, remote cyber risk assessment. In under an hour’s phone call with one of our cyber engineers, a comprehensive report is provided with a risk posture heat map, overall risk score, as well as explanations and recommendations. At a cost of only £750, the Riela Remote Cyber Risk Assessment provides you and your yacht access to all of this information specific to your vessel. There isn’t a better place to start to help plan and execute your yacht’s own ‘Roadmap to ISM Compliance for Cybersecurity’.
Further information about the product can be found here.

2. Review your cyber policy

If you have not completed a comprehensive review of your superyacht’s cybersecurity policy in the past 3-months it is highly recommended to do so at the earliest opportunity.
It is advised that they are regularly reviewed and updated, however, based on recent events it would be advisable to complete a thorough review soonest to ensure the policy remains accurate and relevant.
If you don’t have a cybersecurity policy or it needs assistance from cybersecurity experts, our cyber engineers can provide the right guidance tailored to you and your superyacht’s infrastructure and circumstances. Twinned with the safety and compliance knowledge within our Riela Yachts team, we’re confident we can deliver the appropriate policies harnessing the expertise and skills within our two Group companies.

3. Check email encryption

Directed and socially engineered phishing, known as “spear-phishing“, is much more likely to be directed at you during this time.  Be extra vigilant when communicating and transacting.  Email is especially vulnerable.  Your email service may be secure, but built-in email encryption relies on both sender and receiver to be capable of encryption (it’s called “opportunistic TLS“).  Your email to weaker recipients may be intercepted, your writing style and email signature emulated, and your email domain spoofed.  When communicating authorisation, especially financial, always follow up using a second form of communication (use an encrypted messenger or phone call to confirm critical emails, etc.)
A FREE tool you’re welcome to share with crew is our FREE email encryption checker which focuses on a common weakness of unencrypted outbound email connections. Visit our FREE tool here. Our autoresponder will reply letting you know of any weakness it finds on the communication. This information will remain private and secure. If your yacht mailbox is configured correctly you will receive a ‘STRONG ENCRYPTION’ response. Any other response will confirm any identified weakness.

4. Use strong, unique passwords

Many companies and online services now ensure you’re required to include a minimum number of different characters and symbols as well as a certain length. However, this is the minimum and as a crew member, you should ensure you protect yourself further by not just adhering to the minimum criteria but always use complex, long phrases or words made up of the required special characters.

Understanding that long and complex passwords are hard to remember. Especially if you follow best practises and never reuse a single password. This is a big ask, especially when you may be required to remember account credentials for 50, 100 or more accounts or protect important documents. Re-using passwords is the easiest way to login to all these services but it’s also the easiest way of increasing your cyber risk. Fortunately, there are secure and easy-to-use tools which can help store passwords as well as generate new, unique passwords each time you create or must remember a new login. Companies such as LastPass, Dashlane and 1Password are all renowned for providing a secure service, as well as other providers.

5. Provide adequate cyber security awareness training

The vast majority of cyber incidents start here. Cybercriminals will be using the outbreak of COVID-19 to ‘phish’ for new opportunities to steal information or gain access to bank accounts or invoices. Make sure your crew have proper training so they can defend themselves and your superyacht from this kind of attack. 
Level up your knowledge and test your skills with this free cyber training session we have created. It will be available until Sunday 28 June 11:00 pm (GMT +1). You’re also welcome to share the training with your entire crew and we can provide you with the results!

Most importantly, if you’re unsure about anything security-related, check! This list is by no means exhaustive. Use further tools to stay secure and you’re welcome to contact us for more detailed and relevant advice.

Riela Cyber comprises cybersecurity experts that can provide guidance, services and support to further protect your yacht from cyber-based risks. If your yacht could benefit from further specialist advice to protect your superyacht please contact:

For all enquiries contact Matthew Roberts on +44 7425 314 973 or email: matthew@riela-group.com