Keeping Data Thieves at Bay

Cybersecurity attacks have cost companies $315 billion — and the pest management industry isn’t exempt from this growing issue.

© thinkstock.com
Editor’s Note: This article is the second in a series focusing on risk management practices for the pest management industry. The articles are based on presentations from the 2015 PestSure Safety and Loss Prevention Conference where PMPs gathered to hear the latest strategies for protecting their employees, customers and businesses from a variety of threats from driver safety to data theft. In business for more than 30 years, PestSure is a nationwide association providing insurance and risk management services that is owned and operated by pest management professionals.

Cyber-attacks are costing U.S. businesses an estimated $400 to $500 billion a year — and these are only the attacks that are reported. There are many more instances where companies have been attacked online and they simply have dealt with the matter internally and moved on.

The explosion in the use mobile technology — smart phones, tablets and other mobile devices — by consumers and businesses has made staying connected and doing business easier and more convenient but it increases the risk of individuals and companies becoming victims of data and identity theft.

Court Parker, chief problem solver/COO of Bug Busters USA in Atlanta, is all too familiar with the fallout from a cyber-attack. Bug Busters has dealt with two separate incidents — in May 2013 and more recently last November — where hackers attacked the company’s phone and computer systems.

“The average business runs 936 cloud-based systems annually and there are more than 4,900 new Android malware samples out there each day,” says Parker. “The threat is very real as we found out.”

In the first attack, hackers entered through a hole in Bug Busters’ VPN and created chaos within the pest control company’s phone server. The second instance had hackers drain bandwidth from the company’s computer system through an old XP model computer located in a branch office.

After working with vendors to identify the source of the problem, Parker overhauled his approach to IT and moved his servers off-site to a secure third-party hosting company. He also reviewed protocols on his phone and computer systems to ensure they received regular checkups.

In the aftermath of these incidents, Parker encourages pest management professionals to carefully vet vendors before selecting one, do your research and ask plenty of questions.

“Make sure you select experienced, progressive hosting and phone system providers that understand the needs of the service industry,” says Parker.

Fortunately, in both instances no customer or employee data was compromised but the incursions forced both Parker and his team to spend significant time trying to correct the problems. It also caused Bug Busters’ traditionally fast and efficient customer service to slow to a snail’s pace as the firm put out fires.

“For the most part our customers did not know there was a problem except for some minor delays in service and response time,” says Parker. “Where it had the most impact was internally. People were working twice as hard to accomplish ordinary tasks and production levels dropped. In the pest management industry time is money and when employees are not productive it leads to stress and customers can sense that.”

Parker says it is hard to put a specific dollar amount on the lost time and aggravation but there were hard costs to bringing in IT consultants and switching server hosting and phone providers.

A BACK UP. In the past two years the cyber insurance market in the United States has grown from $1 billion to $2.5 billion and is expected to grow significantly in the next five years.

Parker suggests owners talk with their insurance carrier and see if technology issues are covered under their business interruption policy.

“If your technicians are running on mobile scheduling systems and your server goes down you won’t be able to print service tickets or schedule appointments, and that will bring your business to a standstill,” says Parker.

How can pest control companies reassure customers that doing business with them online is safe and secure?

Mark Pribish, vice president and ID theft practice leader for Merchants Information Solutions, a nationally recognized provider of identity theft protection and recovery solutions, says companies need to be transparent on what their processes are and communicate those frequently.

“Talk about the steps your company has taken to safeguard their information,” says Pribish, a widely recognized cyber-security expert who is frequently interviewed on the topic. “Have your company’s policy posted on your website and available in collateral materials. Talk about the basics and how safety and security are important to your company.”

Pribish also recommends creating a checklist of the steps your company is constantly taking to protect customer data and make sure the list is followed.

CYBER SECURITY CHECKLIST. The following is a cyber security best practices checklist for your pest management firm to consider:

  • An initial assessment during a cyber-incident. During a cyber-incident, your business immediately should assess the nature and scope of the data-breach event. The type of incident will determine the type of assistance you will need to respond and the type of damage and remedial efforts that may be required.
  • Implement measures to minimize continuing damage. After your business knows whether the incident is an intentional cyber intrusion or an accidental release, determine next steps to stop ongoing damage and take steps to prevent it from happening again.
  • Record and collect information. Your business should immediately make a “forensic image” of the affected computers and/or a record of the data-breach event to preserve a record of the incident for later analysis and potentially for use as evidence at trial.
  • Notify. Contact employees within the organization, affected individuals outside the organization and law enforcement if criminal activity is suspected. Also, know that 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have notification laws in place to notify any individual whose personally identifiable information has been breached.
The author is a partner of B Communications. Email him at jfenner@gie.net.
April 2016
Explore the April 2016 Issue

Check out more from this issue and find your next story to read.