Cyber Attackers Are Targeting Small Businesses. Here Are Nine Ways to Protect Yours.

Consider this scenario…

You receive a message on Facebook Messenger from a customer.  The customer states that they had a bathroom leak on the second floor of their house which could lead to an extensive repaint project.  In the message they ask you to click on a link to see a photo of the problem.  You click on the link and something seems to happen but you don’t see a photo.  You don’t think that much about it and move on to something else.

Two days later a friend texts you to say they received a weird message from you on Facebook.  You question what is happening and then go to Facebook.  Facebook asks you to log back in, which is weird.  You try to log in but it tells you that your password isn’t working.  You try to log in to Instagram and experience the same thing.

You’ve been hacked.  The cyber attacker now has control of your Facebook and Instagram accounts.  You use both fairly significantly for your business.  You post images of your recent work, have built your brand and will often communicate with customers and potential customers using the apps.  This situation is really troubling.

A few days later it gets worse.  You get a letter in the mail asking for $10,000 to get your accounts back.  The writer also says that if you don’t pay they will post some highly negative things that could significantly hurt your business.

This is a nightmare scenario.  If you think it can’t happen to you, you’d be very wrong.  A very similar thing happened to Pat Bennett, the owner of the small business Pat’s Granola in the Cleveland area.

Cyber attackers are working their way through the levels of business where they will receive the least resistance to their attacks.  They got all the money they could from large and mid-size businesses and are now targeting small and micro size businesses.  They can leverage tools to scale their attack so that they can go after hundreds to thousands of businesses at once and try to make money off of anybody who takes the bait.

This puts you and your painting business right in their crosshairs.  What can you do?  While there is no way to completely avoid attacks, the good news is that by implementing basic security measures and by practicing caution you can greatly reduce the chances that a cyber attack will be effective.

Follow these nine cyber security tips to protect your painting business and your finances:

  1. Don’t use weak passwords

Don’t choose a password that someone could easily guess.  Create passwords that include capital letters, lowercase letters, numbers and special characters.  If you need to remember a password, a combination of phrases like LosAngelesRams!SuperBowl56Champs$ can help.  Please change any passwords that currently violate these recommendations right now, or at least tonight.

  2. Don’t use the same password twice

Don’t use the same password for everything.  In fact, you should never use the same password twice.  The first thing a cyber attacker will do if they find one of your passwords is to try the same email/password combination in numerous places.  If you’ve used the same password multiple times the problem intensifies quickly.

  3. Don’t store passwords where they can be found

Be extremely cautious about storing your passwords in a web browser or on a personal device.  If you do store passwords either of those ways, be sure that you lock your devices (computers and phones) when you are not actively using them.  You should lock your devices every single time you walk away from them.

Don’t write passwords down and leave them in plain sight.  If you write your passwords down in some type of book it would be best to keep it locked up.

A password manager can be a great way to handle passwords.  Bitwarden, Dashlane, Zoho Vault and NordPass all offer free versions that are recommended.  The paid versions include features that are even more important for business owners.

  4. Don’t post on any “About Me” threads on Facebook

These posts create easy targets for cyber attackers.  They can use them to try to figure out your passwords and impersonate you online.  Think about it: what security check questions does your bank ask you to be sure it’s you?  High school mascot, first pet name, mother’s maiden name… probably the same exact questions that are included on these posts.

  5. Don’t click on links in suspicious emails

If you receive an email that looks suspicious, be sure not to click on any links in it.  If it claims to be from a current or potential customer, or somebody else you know, call them to verify before you do anything.  Think before you click!

  6. Don’t open any attachments in suspicious emails

Everything that holds true in #5 about not clicking on links in suspicious emails is also true for not clicking on attachments.  Don’t click on any attachments in an email that look the least bit suspicious.  Many file types can hold malware, including PDFs and Microsoft Office documents.

  7. Don’t fulfill requests from suspicious emails

We are all well aware of the obvious approaches here like the Prince of Nigeria who needed our bank account info so he could wire us a million dollars.  However, the modern version of these schemes can be much more difficult to detect.

What would you do if you got an email from a subcontractor noting that their billing information has changed and you should now mail that $10,000 check to this new address or use this new bank account info for ACH?  The best answer is to call the subcontractor to verify the request before taking any other action.  You need to be hypervigilant if you receive anything of this nature.

  8. Don’t click on or respond to suspicious requests on social media

Let’s go back to the story of Pat’s Granola that was highlighted in the opening.  She was attacked directly on Instagram.  The cyber attacker was able to use an account representing one of her friends to get her to click and then steal her information.

As with the email tips above, if you get any suspicious messages on social media asking you to click or download something, do not do it!  If it appears to come from a friend and/or customer, call or text them first before you do anything.  Even responding can be dangerous because these cyber criminals are skilled at social engineering and getting what they want from people.

  9. Educate your team about these important security measures

Like physical security, the cyber security of your business is only as strong as your weakest link.  If one of your crew members leaves your van with all your materials unlocked, it’s a lot easier for a thief to steal everything.  The same is true of your digital assets and accounts.

Share all of these security measures with your employees.  Make sure they understand how important the key points are.  Tell them that if they see something they think might be suspicious they need to report it to you as soon as possible.  This won’t only help protect your business, it can help protect their personal finances.

Please treat all nine of these security measures as if your business depends on them…because it does.

About The Author

Martin Morgan

Martin Morgan is the General Manager of ProPainter Websites. Martin has a passion for helping small businesses succeed. He has 20+ years of experience in marketing and events, and a degree in broadcast journalism from Syracuse University.

ProPainter Websites helps painting contractors leverage their web presence to grow their business. In addition to web design and website management, they also help painting contractors get more reviews, inform and engage potential customers through Facebook, optimize their Google Business Profile and more. For more information, please visit https://www.propainterwebsites.com/.
