Safety Culture: Cultivating Cybersecurity Awareness Within Your Team - The Edge from the National Association of Landscape Professionals

We recently updated our Privacy Policy. By continuing to use this website, you acknowledge that our revised Privacy Policy applies.

Safety Culture: Cultivating Cybersecurity Awareness Within Your Team

Photo: NALP

As technology becomes more commonplace within your landscape company, the importance of cybersecurity awareness only increases.

Whether your team is using software to schedule appointments, create client estimates or tablets in the field to take property notes, all of these have the potential to be exploited if you are not educating your staff on the latest cyber threats.

The Importance of Cybersecurity

Depending on the nature of the cyberattack, the impact can range from inconvenient to downright debilitating to your business.

A cyberattack can result in operational downtime, especially if your company does not have any backup plans on how to operate and service clients without the technology you depend on.

Attacks often result in financial theft or having to pay a hefty sum to ransomware, which still does not guarantee that you will be able to access the locked data once you have paid.

Proprietary information and client data can also be stolen. Even if you are able to recover from a cyberattack, if the attack compromises your customer base’s personal data, including credit card numbers, it can have a ripple effect of lost trust.

Legal consequences are possible as well. In some areas, they have regulations regarding data protection and clients affected by the breach may file lawsuits against your company.

Common Cyber Threats

There are a growing number of cyberthreats and they do not just target multi-million dollar corporations. In fact, small to medium-sized businesses are ideal because they have more valuable data than the average PC user but lower defenses than a major brand.

Phishing is one of the most effective cyberthreats. Since 2020, 81% of organizations around the world have seen an increase in phishing attacks, and it’s estimated that 82% of all data breaches can be traced back to an original phishing attack, according to Expert Insights.

Phishing is effective because it impersonates a trusted source to get a user to click on a malicious link, download a malicious file or provide sensitive information.

Malware is another common threat. It is malicious code that can gain access to networks and steal or destroy data on computers. Ransomware is a type of malware that encrypts company data so it cannot be accessed and forces you to decide whether to pay up or move forward with the loss of data.

Data breaches can also come from insider threats. These are situations in which current or former employees can access your critical data and put other employees or customers at risk through their actions.

Essential Cybersecurity Practices

Regularly discussing good digital hygiene with your team and leading by example can help keep cybersecurity top of mind. Don’t let the excuse of ‘I’m not techy’ give employees a free pass. They have a shared responsibility to protect your company’s digital assets and customer information.

Your landscape company should implement several straightforward cybersecurity practices to mitigate the likelihood of a cyberattack.

This includes ensuring everyone on staff is required to use strong, unique passwords. Teach employees not to use the same password for multiple accounts. Help them understand that weak passwords make it easier for cybercriminals to ‘password-spray’ where they use the same common passwords on hundreds of accounts at once.

Utilizing password managers and requiring regular changes to passwords can also reduce the risks associated with employees using weak and reused passwords.

Aside from implementing email security software and multi-factor authentication, it is critical to educate your team on the social engineering behind phishing. Phishing attacks target people who aren’t typically concerned with cybersecurity. Help them understand the red flags to look for and question suspicious emails before clicking blindly.

Simulations and quizzes can also help drive home these points. Implementing a system that sends out test phishing emails can identify employees who need additional training, if they click on your fake malicious link or attachment.

Mobile device security is another serious cybersecurity matter as so much of your workforce is out in the field. This is why you need to have policies in place that are clear on how mobile technology should and shouldn’t be used in the business. Brands like Samsung have templates available if your team opts for the bring your own device (BYOD) setup.

Your team should also be familiar with the procedure they should follow during a cyber incident. If they suspect they clicked on a malicious link or if their computer seems compromised, the last thing you want is for them to wonder who on staff they need to report it to.

Having a plan in place allows your business to respond as quickly as possible to the cyberattack and prevent the damage from being so severe.

Jill Odom

Jill Odom is the senior content manager for NALP.