SUBSCRIBE NOW

CAR WASH

MAGAZINE STORIES

Cyber Risks with Car Washes

Cyber Risks with Car Washes

April 15, 2022

4 minute Read

BY JOHN SENGEL

Car washes are not immune to the risks of cyber attacks. John Sengel, President and CEO of JSCM Group, shares first-hand experiences about how your car wash business is being attacked, how money can be stolen from you and your customers, what you are not doing today that you should be, and your liability.

JohnWhen it comes to cyber security, the #1 thing to keep in mind is that every organization is at risk. The recurring mindset is that “we aren’t at risk, because we don’t have anything attackers want.” It’s this exact line of thinking that gets organizations into trouble, because it means no one is paying attention.

From malware to phishing to data breaches, the threats are endless. However, by implementing a few key changes into your organization, you can significantly improve your ability to protect your employees and your customers.

Third-party access

The key area of focus when it comes to targeting car washes is always money. It is not uncommon that a car wash will use a third-party payment processing company. The question you must ask yourself is, “Are they actually secure?” These organizations need to be properly vetted, and you should be asking them to verify they are going through yearly security assessments. In addition, you need to have a third-party review your own systems and identify any potential weaknesses in the third-party connection to your network. All it takes is one small hole, and attackers could work their way through to grab your customers’ payment information.

Multi-factor authentication

As we commonly say, “Passwords are dead.” The restrictions we have tried to implement on password security in the past no longer hold up, leading password compromise to be one of the top ways that information is obtained through malicious purposes. If you are relying on your users to create a secure password, it’s only a matter of time before a flaw is found. Instead, you should implement multi-factor authentication. This requires that they have a second form of identification needed to gain access. Whether it’s an app on their phone that generates a code or a physical token that can do the same, this helps protect their login from being compromised. Even if the password were to be discovered, the second form of access would not be easily breached. By implementing MFA, you can even reduce the security restrictions on your users’ passwords to make their lives a little easier.

“Email has reshaped the way we communicate with our employees, customers and vendors. It has also created an easy way for attackers to get to us.”

Phishing testing

Email has reshaped the way we communicate with our employees, customers and vendors. It has also created an easy way for attackers to get to us. All a malicious individual has to do is be somewhat convincing, and they can get an unsuspecting user to click on a link or provide high-levels of confidential information. Spam filtering only goes so far to stop these threats, so instead you must rely on user experience. The biggest point of weakness for any organization is its employees, because their actions cannot be controlled. To this end, you should be regularly performing phishing tests on your employees. You will be able to identify your organization’s overall susceptibility, and will also be able to pinpoint the individuals likely to fall for the attempt. You can then use this information to help combat future threats, because you know exactly where you stand.

User training

It is vital to the security of your organization to ensure you are putting all employees through ongoing training. This helps them stay in-the-know, and it helps you share valuable information to protect the organization. Train them on the things to look out for when using the internet, and teach them about phishing. If you aren’t sharing information with them, there’s no way to guarantee they will be able to identify a threat and act accordingly. Provide them steps that they should take if they notice something suspicious, and let them know that your organization takes all threats seriously. If you get them on board, they are more likely to speak up if something looks out-of-place.

Security is something we all have to focus on, but it’s not something to be afraid of. Even small changes can make a huge difference, as long as there is consistency. If you are unsure of where to start, ask for help. Once you take the initial steps to start being mindful of your risks, there’s no limit to the benefits you can provide for your employees and your customers.

ranjith ravindran/Shutterstock.com

Back to Listing

Share This:

RELATED STORIES

7 Ways to Amaze Every Customer Every Time
Pull Up a Chair with Qual Chem
AI Usage in Human Resources
Getting to Know Your ICA Board: Paul Stagg, Splash Car Wash
7 Steps to Drive Social Media Excellence
Rooting for the Home Team

International Carwash Association™
101 S. Cross Street, Floor 2
Wheaton, IL 60187
www.carwash.org

Published in partnership with:
The Wyman Company
For Advertising Inquiries: Please contact Heather McMillen at 352.900.3011 or download the media kit.

Copyright© 2023 International Carwash Association® | All rights reserved.