Over the years, advancements in technology have triggered more consumers to turn to the Internet for a variety of reasons, from purchasing goods and services to socializing and networking with peers. However, like the common cliché goes, “Nothing worthwhile ever comes easy,” and with this upsurge in Internet usage comes the heightened need for cybersecurity.
This past December, the U.S. Congress passed the Cybersecurity Act of 2015, which provides tools necessary to strengthen the nation’s cybersecurity, making it easier for private companies to share cyber threats with other businesses and the government.
Furthermore, President Barack Obama announced last month that he is directing his administration to implement the Cybersecurity National Action Plan (CNAP), which a White House press release reports takes “near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.”
The CNAP will also build on the 2014 BuySecure Initiative, with cybersecurity training to be offered to small businesses and stakeholders by the Small Business Administration (SBA), in partnership with the Federal Trade Commission, the National Institute of Standards and Technology (NIST) and the Department of Energy.1
As more carwashes move toward online and mobile app payments, as well as continue to utilize point-of-sale (POS) and customer management software, owners and operators must implement cybersecurity measures to not only secure customer information but also their bottom lines.
According to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, or US-CERT for short, cybersecurity involves protecting personal information by preventing, detecting and responding to cyberattacks.2
Some information technology (IT) threats are more dangerous than others, especially for businesses like carwashes that process customer information.
The US-CERT offers a series of security tips on its website, which includes a list of common IT risks, summarized below:
- Hacker, attacker or intruder: A person who seeks to exploit weaknesses in computer software and systems for his or her own gain. Although intentions can be somewhat benign and motivated by curiosity, these actions are typically in violation of the system’s intended use. The results may range from simple mischief (developing a virus with no intentional negative impact) to malicious activity (altering or stealing information).
- Malicious code: Malicious code, also referred to as malware, is an expansive category which includes any code that can be used to attack a computer — for example, viruses and worms. It can have the following characteristics:
- A malicious code might require you to actually do something before it infects your computer, such as opening an email attachment or going to a particular website.
- Some forms can spread without intervention from the user and typically will start by exploiting a software vulnerability. Once one computer has been infected, the malicious code will attempt to find and infect others. This code can also propagate through email, websites or network-based software.
- A malicious code can also claim to be one thing, but then do something entirely different. For example, a program claiming it will speed up your computer may really be sending confidential information to a remote intruder.
- Vulnerability: In most cases, a vulnerability is caused by a programming error(s) in software. An attacker might be able to take advantage of this error(s) to infect your computer, so make sure to apply updates or patches that address any known vulnerabilities.2
Keeping in mind these potential threats can help carwashes take the appropriate steps to protecting their customers and operations from cyberattacks.
Preparing for e-battle
In a 2014 data breach study conducted by the Ponemon Institute, 43 percent of companies surveyed reported experiencing a data breach in the past year, which was up 10 percent compared to the year before.3
Moreover, consultant company NTT Com Security recently released a survey which revealed only half of the 1,000 polled business executives had a formal plan in place to safeguard their networks and data from possible cyberattacks.4
As carwash owners and operators, it is imperative to stay ahead of potential attacks and keep security a top priority by making sure Web-based technology, software and computer systems are properly protected. And, once your defenses are in place, make sure all team members are adequately trained on cybersecurity best practices, and audits and system security checks are regularly conducted.
In the January cover story of Professional Carwashing & Detailing, Group Editorial Director/Editor in Chief discusses technology’s impact on carwashing. In this feature, Walter Sanders, brand manager for Innovative Control Systems (ICS), provided a more in-depth look at IT security measures.
Proper system protection and “use policy” enforcement are vital for carwashes today, he explains in the article, and computer networks, especially those with point-of-sale (POS) systems, are prime targets for cyberattacks. Likewise, employees misusing these systems can increase exposure to these threats, so using intelligent controls and automated system monitoring can help prevent most cyberattacks from occurring.
Additionally, Sanders continues in the sidebar that chip-and-PIN cards, also referred to as EMV, and readers have been proven to reduce fraud. A business can buy a chip reader validated for its point-to-point encryption by the PCI council, which reduces the liability for data breaches. And, he adds, “These two technologies together offer superior protection.”5
Yet even with the added security, many businesses still haven’t installed chip readers. A survey conducted by management consulting firm The Strawhecker Group (TSG) estimates currently only 37 percent of businesses are able to accept chip cards. However, the TSG survey also forecasts that statistic will rise to 50 percent by June.6 Will your carwash be part of this projected growth?
By assessing the risks and taking the necessary measures to safeguard IT assets, carwashes can come out on top as the victors in the ever-evolving battle of cybersecurity.
- “FACT SHEET: Cybersecurity National Action Plan,” the White House; Feb. 9, 2016. https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan.
- “Why is Cyber Security a Problem?” Security Tip (ST04-001); US-CERT; Feb. 06 2013. https://www.us-cert.gov/ncas/tips/ST04-001.
- Elizabeth Weise, “43% of companies had a data breach in the past year,” USA Today; Sept. 24, 2014. http://www.usatoday.com/story/tech/2014/09/24/data-breach-companies-60/16106197/.
- Jonathan Vanian, “Many Companies Still Procrastinating When It Comes To Cybersecurity,” Fortune; Feb. 16, 2016. http://fortune.com/2016/02/16/companies-procrastinating-cybersecurity/.
- Rich DiPaolo, “Operations in the palm of your hand,” Professional Carwashing & Detailing; Jan. 2016. http://www.carwash-digital.com/201601#&pageSet=19.
- “EMV Merchant Adoption Slower Than Expected,” BusinessWire; The Strawhecker Group; Feb. 17, 2016. http://www.businesswire.com/news/home/20160217005243/en/EMV-Merchant-Adoption-Slower-Expected.