Crews should therefore be very aware of the potential for their network traffic to be intercepted whilst on shore or close to shore. Operators should also be alert to the potential for their crews data and communications to HQ by mobile phone and via the vessel when close to shore being intercepted.

A good defence against cellular (or any data) interception is to run a personal VPN from ones phone and laptop. Whilst free VPN software is available, there is some variability in the quality. Advertising is often used to compensate the VPN vendor. Instead, you may consider paying for a VPN service, given its importance to your privacy and resistance to data interception.

Business mobile devices should have a VPN or mobile device management (‘MDM’) platform installed. This provides an additional layer of defence against hacking. An MDM creates a secure environment within the smart phone or tablet that protects sensitive corporate data.

If no MDM or VPN is present, it is relatively straightforward for a hacker to fool the user in to allowing them to intercept sensitive data.

Whilst the detail of cellular network security is beyond the scope of this, there are some basic principles that will be of use to the seafarer and vessel operator:

2G networks are easily spoofed – a hacker can trivially set up a fake cellular base station with <$100 of equipment.

3G networks require ~$5,000 of equipment to successfully spoof.

4G networks can be spoofed, but expensive equipment is currently required

Ask if anyone on the crew knows the admin password. If not, who does know it?

Is it written down anywhere? It is often written on a note physically stuck to the terminal! Here are some examples of passwords stuck to computer systems found on vessels:

Review the password if it is supplied to you. Is it at least 10 characters long, does it have uppercase, lowercase, numbers and non-alphanumeric (e.g. !”£$%^ etc) content. However, “Password1!” would not be acceptable.

Is the password ever changed? If so, how often? Once per year would be reasonable, or when key personnel leave.

How is the terminal administrated? Does anyone on the crew know how to fix bugs with it, if it failed at sea?

One issue that many people have found around the work with cloud storage is that the security of it is very much compromised. Thousands of everyday people and celebrities have had much of their personal details, photos and video stolen by hackers and leaked them to the web.

Image of an SSL cert error on iOS and Android

Whilst these are sometimes legitimately seen when connecting to a public Wi-Fi hotspot, they are also a common route for hackers to intercept email. Do not accept the certificate!