If you’re thinking cyber criminals aren’t interested in small businesses like your wash operation, you’re unfortunately wrong. In fact, according to recent reports, the average cyber-attack costs small businesses $200,000. What’s more, 60 percent of small businesses never recover and close their doors within six months of suffering a breach — if they are not prepared.

If you own a small operation, you may be making cybersecurity mistakes without even realizing it.


Below are some common mistakes made by small business owners:

My Wash Is Too Small to Be a Target

About 50 percent of all small businesses have had at least one cyber attack in the last 12 months, with 40 percent of those having two to four attacks.

You Can Just Use My Password

Smaller wash operations tend to form quite the comradery in the workplace, which can lead to a false sense of security when it comes to things like sharing passwords. When you share passwords, you lose the ability to track accountability and open your wash up to a world of threats.

Instead, take the time to create the necessary user accounts and levels of access to safeguard your data. Only allow access to information based on the needs of the employee’s position.

We Do not Have Time to Continually Update Software_

There are new software vulnerabilities discovered every single day, and hackers are taking advantage of them as soon as they can. When you skip updating your system, you are putting out the welcome mat for cybercriminals and offering up your data.


Following are the five greatest cyber threats your wash operations may face:

Phishing Attacks

Phishing is a type of “social engineering” attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker pretends to be someone you know or work with and tricks you into opening an e-mail, instant message, or text message.

Phishing accounts for 90

percent of all breaches. These attacks have grown 65 percent over the last year, and they account for more than $12 billion in business losses. There are several e-mail software programs that can help your employees learn to identify and report phishing attacks. However, the strongest defense is a robust security-awareness training program for your employees.

Malware Attacks

A malware attack occurs when cybercriminals create and install malicious software on someone else’s device without the person’s knowledge. The cybercriminal’s goal is to gain access to personal information or damage the device, usually for financial gain.

Different types of malware include viruses, spyware, ransomware, and Trojan horses. Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS.

Smaller operations are more likely to employ people who use their own devices for work, as it helps save time and money. This, however, increases their likelihood of suffering from a malware attack, as personal devices are more vulnerable to malicious downloads. Endpoint protection solutions safeguard devices from malware downloads. Web security is also important; it helps stop users from visiting malicious webpages.


Ransomware involves encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data. Due to media coverage, this type of threat is well-known.

More than 70 percent of all ransomware attacks are directed at small businesses. Cyber criminals know that smaller operations, which often don’t have expensive back-up protocols, are more likely to pay a ransom. Top prevention measures include endpoint protection (across all devices) and effective data backup and recovery measures.

Weak Passwords and/or Password Sharing

Many wash operations need to access a variety of websites or resources that require passwords. Twenty percent of all passwords are easily guessed or shared with others. Wash owners should consider business password management technologies. They help employees manage passwords and suggest strong passwords. Additionally, small business owners should strongly consider implementing multi-factor authentication (MFA) across their organization. This ensures users have more than just a password to access systems.

People (Insider Threat)

An insider threat is a risk to an organization caused by the actions of employees, former employees, business contractors, or associates. These people can access critical data about your company, and they can cause harmful effects through greed or malice, or simply through ignorance and carelessness.

A Verizon report found that 25 percent of breaches were caused by people. To block insider threats, washes should ensure they have a strong security awareness culture. This will help stop insider threats caused by ignorance and help employees spot a cyber threat early on. Encourage employees to speak up when something does not look right.

Experts say there are only two types of small businesses in America — those that have experienced a cyber-attack and those that will experience a cyber-attack. If you do not have the means to evaluate and mitigate the threats to your wash operations, it is critical to ask for help. A qualified cyber consultant can help you identify the threats facing your wash. They will help you develop measures to mitigate risks and/or transfer risk to someone else through insurance or third-party services.

Dan Tharp; CIC, RWCS, RCLS; is the vice president of business insurance lines for Pearl Insurance. Dan has been helping business owners protect their operations, customers, and employees for more than 25 years. For questions regarding this article or any other insurance matter, he can be reached at (800) 447-4982 or dan.tharp@pearlinsurance.com. You can also visit one of the company’s websites. For insurance quotes please visit: pearlinsurance.com/automotive and for Internet/cybersecurity services please visit: pearltechnology.com