Get Our Email Newsletter

This content is made possible by our sponsors. Click here to learn more.

Make Cyber Protection a Team Effort

The pandemic forced many organizations to quickly transition to a digital workplace. For many companies in the wood niche, this was the first time their employees went remote. With little time to prepare, many organizations may have failed to consider best digital practices and securing their digital workplace. As a result, organizations have been left vulnerable to cyberattacks. No matter the business you operate or the industry you are in, cyber criminals can quickly access bank account numbers, passwords and other sensitive information if proper protocols and training are not in place.

No Industry is Safe

It is important to understand businesses in the wood niche are not immune to cyber related crimes. Lumber and building material dealers also need to understand that cyber attacks are not only costly, but they also can bring business to a stop and cause serious reputational damage for the victim company.

In 2019, a hardwood flooring retailer suffered a malware attack resulting in part of their network being shut down for several days. Luckily, most of the company’s data, such as sensitive customer information, was kept on an outside network. Increased security protocols may have saved them from a worse outcome. It was speculated to be a ransomware attack in the days following, however the company had a plan and acted quickly. Similar attacks are becoming increasingly popular, and attackers are becoming increasingly confident and malicious.

Outside the lumber industry, a hospital was recently subject to a phishing email event which exposed medical records for roughly 12,000 patients. A staff members’ email was breached and in the process of setting up dangerous phishing threats targeting other hospital staff, the attacker leaked personal information for many patients. Cyber events like this can cause major reputational damage, making the business look unprepared and untrustworthy with significant information.

Types of Cyber Attacks

Cyber related crimes are particularly dangerous due to their sly nature. Attackers prey on victims by working in the background of a business’ information system. Often, victims do not realize an attack is taking place until they lose control. Cybercriminals employ several tactics to infiltrate a business. It is important for lumber and building material dealers to understand the ways in which these criminals can get to their sensitive data in order to train their employees about cyber risk and protect their business.

  • Malware is software attackers utilize to infiltrate information systems. Businesses that have out-of-date or faulty information systems are left particularly vulnerable to malware. Viruses, spyware and worms are just a few forms of dangerous software that can open doors for attackers to acquire data.
  • Ransomware, the most common tactic among attackers, utilizes malware to lock businesses out of their systems and then demands a ransom be paid to regain access. Even after ransom is paid, there is no guarantee data will be released or can be recovered, leaving businesses at the mercy of their attacker. 
  • Phishing allows attackers to make their introduction to a business and eventually utilize ransomware or request documents. By using email aliases, attackers can pose as internal personnel, vendors, etc. to request information or release malware when the receiver opens the message or attachment.

Protect from the Top Down

As the workforce continues to shift, remote employees and increased online communications may leave some lumber and building material dealers wondering where they should start. Ensuring employees are utilizing secure Wi-Fi networks, confirming your company has access to secure servers and making sure your business is implementing software to allow employees to communicate safely are just a few factors that can quickly become overwhelming to a lumber and building material dealer or any business owner with limited IT experience.

Cyber criminals will seize any opportunity to infiltrate an organization regardless of a target’s job title or decision-making status. Everyone is vulnerable. In fact, many cyber criminals do not even know what company, big or small, they have targeted until they have access to their information.

Consider these tips to secure your business’ online workplace:

  • Secure IT practices are vital to a digital work structure. Ensure every remote employee has access to a secure network. Password security is the first line of defense when attacks strike. Consider requiring strong passwords along with several types of credentials, known as multi-factor authentication, throughout your organization to access data.
  • Update software regularly and from a trusted source. Software is regularly updated by manufacturers to improve useability and security. With today’s sophisticated technology, software updates often occur automatically. However, users should still be checking to ensure updates have been applied directly from manufacturers. Third-party source updates can open your device up to an attack. Only utilize updates from an app store or the manufacturer’s website.
  • Train your employees to utilize best practices and recognize potentially malicious behavior. Cybercriminals attempt to infiltrate an organization through anyone from the front desk to the CEO. Every employee should know what to be aware of and how to combat it. Employees should be given a proper training session on the organization’s security practices and common tactics used such as phishing. Additionally, employees should be provided a clear incident management program to report cyber-attacks or attempts. Cyberattacks move quickly. Employees need to understand how and when to act to prevent an attack or mitigate impact. 

Is Cyber Insurance Right for Your Business?

Check Point research reported in a 2021 survey on cyberattacks that “researchers have seen 50% more attacks per week on corporate networks compared to 2020.” The concerns are valid and the stress is looming on business owners everywhere. Cyber insurance can provide lumber and building material dealers with some peace of mind.

Several factors should be taken into consideration when selecting cyber coverage. Insurance can offer support and protection for various attacks. A lumber and building material dealer’s existing insurance policy could provide some cyber coverage, but it may not be sufficient for the business’ needs. Owners and operators should ask their broker or insurer about what coverage they have, if any.

The most important part of responding to a cyber-attack is acting effectively and quickly. Cyber liability insurance can help with data recovery and systems restoration, as well as response expenses. Restoring a system to operational status, communicating with the public and stakeholders, providing credit monitoring services and navigating potential lawsuits all need careful attention when an attack strikes. Remember, cyberattacks are complex, when sensitive information is compromised detrimental reputational damage can ensue. Victims of attacks have to ensure their employees and customers are being regularly updated to rebuild any broken trust as a result of the attack. A cyber liability policy can help ensure there a is a plan in place and monetary insurance to streamline response and maintain business operations.

At Pennsylvania Lumbermens Mutual Insurance Company, we have been serving the lumber industry for over 125 years and understand the unique risks businesses in the wood niche face.

We pride ourselves in helping our industry not only mitigate risk but in obtaining comprehensive coverage with fair terms. PLM products offer coverage for computer attacks, cyber extortion, data compromised liability, network security liability and response and expenses. For more information, ask your insurance broker about PLM, contact a representative at PLM directly at http://www.plmilm.com/ or call 1-800-752-1895.

Registration is now open for the LBM Strategies 2024 Conference