HVAC and Internet Security
As an HVAC business owner you’ve probably been warned about internet security. And you’ve probably thought to yourself, “Why would anyone target me? I’m just a small business, minding my own business.” But here’s the truth – if you think you aren’t a target, you are incorrect.
It’s not just large corporations like SONY, Home Depot, JP Morgan Chase, Yahoo, Target and Equifax experiencing major data breaches. It’s happening to HVAC distributors, suppliers, manufacturers and even your favorite marketing firm! Here at EB&L, we spent the better part of the last August prying ourselves from the grip of a tenacious hacker – and I wouldn’t wish those sleepless weeks, stress and lost revenue on my worst enemy.
As the HVAC industry becomes more connected and homeowners demand more automation, the need for internet security increases exponentially. And your risk and liability are along for that ride.
So what do hackers want with you? Their most common objectives are to 1.) gain access to your company data to exploit it in some way, or 2.) to hold your data ransom.
What kind of data are we talking about here? It could be sensitive company information – like your customer database, or credit card information of your customers. It could be your personal photos or even your identity. It could be control of your website. I know of a large HVAC distributor whose website was “stolen” and the hacker demanded hundreds of thousands of dollars to return it.
So what should you do to protect yourself?
The security experts we hired to get ourselves back online schooled us on this chilling fact: if a hacker wants to get in, they will find a way. Hackers are experts at finding the gaps in your security and exploiting them. The trick is to make it difficult enough for them so that they move on to an easier target. Simple things, like never, ever using the same password twice and having a protocol in place to change the passwords on your most sensitive online accounts (i.e. banking, credit cards, etc.) every 30 days are a step in the right direction. Using a password management system (like LastPass) is another step.
Security is uncomfortable. So get used to the fact that it’s going to take you longer, and there will be a few more steps, whenever you log on. But it’s well worth the few extra seconds of inconvenience to avoid being hacked. Trust me on this one. Download a list of internet safety tips for HVAC dealers here.
Being hacked was hands down the worst experience I’ve had in my career. We got through it with the support of our dedicated staff, patient and compassionate clients (one even sent us cookies!) and a competent security firm. Along the way, we learned a lot. We think of it now as a “character building experience.”
And, like most character building experiences, it sucked beyond belief.
If you’re still optimistically thinking, “this can’t possibly happen to me,” consider this: In late 2013, mega retailer Target suffered a major cyber attack resulting in personal and payment information of over a hundred million customers being compromised. Know how the hackers got in? Through Target’s HVAC contractor.
Written by: Elaina Burdick