Karen L. Edwards, Executive Director, RT3
Did you know that 43 percent of cyberattacks targeted small businesses according to Accenture? Of those small businesses, only 14 percent were prepared for attackers. How would your business fare if you were the target of one of these attacks? If you’re not sure, you are not alone. Inc.’s research showed in a survey of 1,377 CEOs of small to mid-sized businesses, that 62 percent reported they didn’t have a cybersecurity strategy at all. CNBC reports that these attacks cost small business $200,000 on average and more than half of all small businesses were affected by a security breach in the last year alone. Over half end up going out of business within six months of an attack.
Roofing contractors are not exempt from cyberattacks. Trent Cotney, Cotney Attorneys & Consultants, recommended in a recent industry interview that contractors talk to their insurance agents about coverage against cybercrimes as they are seeing an increase in this area. “We’ve had ransomware calls (from contractors), where their entire system is hijacked. We have had a ton of wire fraud, where someone is smart enough to be in the background, figures out when you’re communicating and when the customer sends the money, the money’s gone,” explained Cotney.
Today’s hackers have gotten very sneaky and even more sophisticated over the last year, as more businesses have made the transition to rely on technology to run their companies. When hackers manage to steal sensitive information, it exposes victims not only to data theft but potential legal troubles. Putting a strong cybersecurity strategy in place may seem overwhelming but there are plenty of simple things that you can do to start protecting your business.
The first step is to make sure you understand what tech equipment you have in your business. You probably know how many spray rigs your business owns or how many trucks but do you know how many laptops, tablets and phones you own? Are they all set to automatically update software and security patches? Are they all in your team’s possession? Often a lost or stolen device is an easy way for hackers to obtain access to your network.
When your team members understand the risks, dangers and how hackers gain access to an organization, they can help prevent unauthorized access. Often, hackers will use techniques that trick someone into doing something that jeopardizes the company’s security. You may have heard of phishing or email spoofing where someone is fooled into thinking a request or message is legitimate. The hacker only needs someone to let them in and, once they gain access, they start wreaking havoc. Because
more often than not, the hackers are after money and they will often target the person who handles your finances.
Antivirus software should be installed on every one of your devices that you identified in the step above. This is software that works hard in the background, scanning the device for malware and potential threats. When it finds something, it can quarantine the malicious program to prevent it from infiltrating your entire network.
Sometimes, hackers can spoof your email address by making it appear that a message is from someone within the company. They copy the “@yourcompany.com” portion of the email address to fool someone into thinking they can trust the message. DMARC (Domain-based Authentication, Reporting and Conformance) is an email standard that provides a way to verify if the sender is truly from within your organization. If the sender is from outside of the company, it adds a warning message to the recipient
to use caution when clicking links or downloading attachments.
The loss of data from a cyberattack or equipment failure will be less painful if you have recent offsite backups of your data. There are many tech companies that provide automated, online backup and encryption for your files and data. The investment into this protection is well worth budgeting for if you aren’t already backing up.
2FA provides an extra layer of security that presents a challenge to the person trying to gain access to a network or even a website. Many banks require it when a user is logging in from an unrecognized device or network. The user must receive a code either via email or text message that they are required to enter to verify their identity.
According to Nordpass, the top password of 2020 was 123456 and it only took less than one second to be cracked. More than 2.5 million people used this password and it was exposed an estimated 23 million times. Passwords should be a minimum of eight
characters long and use a combination of upper- and lower-case letters, numbers and special characters. Avoid using things that might be easy to guess such as a birthday or a pet’s name.
The Global Cyber Alliance (GCA) is an organization formed in 2015 that is committed to reducing cyber risks by building measurable and easy-to-use tools that are freely available to businesses. They have prepared a small business toolkit to help business owners learn about their risks and implement steps to protect themselves from attacks. Visit gcatoolkit.org/ small business to get started on your cybersecurity plan today.
Karen L. Edwards is Executive Director of the Roofing Technology Think Tank (RT3), a group of industry thought leaders striving to improve lives by discovering and leveraging technology accelerators to make our industry and roofscapes stronger.
Previous Article