Have you recently heard a news report about a large company suffering a cyber attack and thought to yourself, “I’m glad that our painting business is too small to worry about those types of attacks”? Unfortunately, the truth is that you do need to worry about cyber attacks.
Now that cyber criminals have gotten as much as they could from large companies, they are turning their sites onto smaller businesses. With increased security defenses built up for medium and large companies, they are much more likely to get what they want from hitting thousands of small companies with no security measures in place.
What does this mean for your painting business? You are much more likely to be in their cross hairs. The good news is that by implementing basic security measures and by practicing caution you can greatly reduce the chances that a cyber attack will be effective.
Avoid these cyber security lapses to protect your painting business and your finances:
1. Using weak passwords
Don’t use the same password for everything. In fact, you should never use the same password twice. Don’t pick a password that someone could easily guess. Create passwords that include capital letters, lowercase letters, numbers and special characters. Please change any passwords that currently violate these recommendations right now, or at least tonight.
2. Storing passwords where they can be found
Be careful about storing your passwords in your web browser or on a personal device. If you do store passwords that way, be sure that you lock your device (computers and phones) when you are not actively using it. You should lock your device (or devices) every time you walk away. Do not write passwords down and leave them in plain view.
A much better plan is to use a password manager. Bitwarden, Dashlane, Zoho Vault and NordPass all offer free versions that are recommended. The paid versions include features that are even more important for business owners.
3. Posting answers to any “About Me” threads on Facebook
These types of posts are a gold mine for cyber attackers. They can use them to try to figure out your passwords and impersonate you online. Think about it, what security check questions does your bank ask you to be sure it’s you…high school mascot, first pet name, mother’s maiden name…
4. Leaving your computer unlocked when you step away from it
This was also mentioned in #2 and it’s worth repeating. It may not apply to you if your business computer is at home and stays there. But, if you use a laptop or a tablet that you travel with, it would be pretty easy for somebody to pull all of the data they need to ruin your business off of that device.
You go to a coffee shop. Place your order. Grab a table while waiting and open up your laptop. Hear your order called. Walk over to get your order. Get distracted by somebody who talks to you. When you start walking back to your table you realize that your laptop is gone…and access to all of your business accounts are on there. Lock your computer every time you step away from it.
5. Clicking on links in suspicious emails
If you get an email that looks suspicious, don’t click on any links in it. If it claims to be from somebody you know or a potential customer, call them to verify. Think before you click!
6. Opening attachments in suspicious emails
Tell me if you’ve heard this before… if you get an email that looks suspicious, don’t click on any attachments. Many file types can hold malware, including PDFs and Microsoft Office documents.
7. Fulfilling requests from suspicious emails
We can all now laugh about the emails that we used to get from the Prince of Nigeria who needed our bank account info so he could wire us a million dollars. But there are similar modern schemes that are going around that are much trickier.
What would you do if you got an email from a subcontractor that says that their billing information has changed and you should now send that $10,000 check to this new address or use this new bank account info for ACH? If you know the sender, call them to verify the request. If you don’t know the sender, you should probably just delete the email. If something seems too good to be true it almost definitely is.
8. Not educating your team about these important security measures
While it’s very important for you to know these things as a business owner, your cyber security is only as strong as your weakest link. Be sure to share all these security measures with your employees. Make sure they understand the key points and how important they are. Tell them that if they see something they think might be suspicious they need to report it as soon as possible. This won’t only help protect your business, it can help protect their personal finances.
I encourage you to treat all eight of these security measures as if your business depends on them…because it does.