Repair Shop Advice

Bad Passwords and 8 Other Cyber Security Errors to Avoid


September 8, 2022

Have you heard a story about a large company suffering a cyber attack and thought to yourself, “I’m glad that we are too small to worry about that”? Well, I’m sorry to tell you that you absolutely do need to worry about cyber attacks on your auto repair shop.

Now that cyber attackers have gotten what they could from large companies they are targeting smaller businesses. They can much more easily get what they want from hitting 100 small companies with no security measures in place than they can from trying to hit a larger company with more mature security practices.

What does this mean for your auto repair shop? You are much more likely to get targeted. The good news is that by implementing basic security policies and by practicing caution you can greatly reduce the chances that any attack will be effective.

Avoid these slip-ups to protect your business and your finances:

bad password

1. Using weak passwords

Don’t use passwords that you use elsewhere. Use one password one time. Don’t pick a password that someone might guess. Create passwords that include capital letters, lowercase letters, numbers and special characters. If you violate these recommendations with any of your current passwords, please change them now, or at least tonight.

2. Storing passwords where they can be found

Be extremely careful about storing your passwords in your web browser or your personal device. If you do that, be sure that you lock your device (computers and phones) when you are not actively using it. Do not write passwords down and leave them in plain view.

A much better plan is to use a password manager. Bitwarden, LastPass, Dashlane and Keeper all offer free versions that are recommended. The paid versions include features that are even more important for business owners.

3. Posting answers to those “15 Things You Should Know About Me” threads on Facebook

Cyber attackers absolutely use those types of posts to get information about you that they can then use to try to figure out your passwords. Think about it, what types of things does your bank ask you to be sure it’s you…first pet name, mother’s maiden name, street you grew up on…

4. Leaving your computer unlocked when you step away from it

You may not realize it, but it would be pretty easy for somebody to pull all of the data they need to ruin your business off your shop’s main computer while you stepped away to check on a car or go to the bathroom. With all the people that come in and out of your shop during a regular day it wouldn’t be that hard for somebody who was neither a customer nor a vendor to wait for a time when your shop was busy, walk into it when you are distracted, and walk out of it with access to all of your accounts. Lock your computer every time you step away from it.

5. Clicking on links in suspicious emails

If you get an email that seems suspicious, don’t click on any links in it. If it seems to be from somebody you know or somebody that appears to be a potential customer, call them to verify. Think before you click!

6. Opening attachments in suspicious emails

Tell me if you’ve heard this before… if you get an email that seems suspicious, don’t click on any attachments. Many file types can hold malware, including PDFs and Microsoft Office documents.

7. Fulfilling requests from suspicious emails

We can all now laugh about the emails that we used to get from the Prince of Nigeria who needed our bank account info so he could wire us a million dollars. But there are similar modern schemes that are going around that are much trickier. If you know the sender, call them to verify the request. If you don’t know the sender, you should probably just delete the email. If something seems too good to be true it almost definitely is.

8. Throwing away documents that may have important information on them

You may take for granted that when you put paper in the garbage it ends up in a dumpster or recycling bin. But how often are you throwing paper in the trash that may have sensitive information on it, like that password you didn’t want to forget or a customer’s credit card number? All such paper should be shredded. In fact, it may be the best policy to shred all paper waste.

9. Not educating your team about these important security measures

While it’s very important for you to know these things as the business owner, your cyber security is only as strong as your weakest link. Be sure to share all these things with your employees. Make sure they understand the key points and how important they are. Tell them that if they see something they think might be suspicious they need to report it as soon as possible.

Treat all nine of these things as if your business depends on them…because it does.