Repairers confident they’re protected against the threat of ransomware might want to double-check for flaws in their assumptions and IT setup, based on a Monday CIECAst.

David Willett, value creation executive at ProSight Specialty Insurance, and Collision Advice CEO Mike Anderson both told the webinar audience they’d heard of multiple collision repairers who fell victim to ransomware. Ransomware attacks can bar access to one’s files and demand the victim pay to get them back. Failure to pay by a specific deadline might lead to the files lost forever.

Willett said repairers are providing separate Wi-Fi networks for customers and shop operations — a cybersecurity best practice that hadn’t always been as commonplace in the recent past.

But the wall between the two might be porous in practice.

Willett recalled visiting one shop he described as diligent on cybersecurity measures and asking an employee about their personal device’s Internet connection. Employee personal devices like smartphones should be on a separate Wi-Fi network than the shop’s official one, according to Willett.

The employee had connected the personal device to the shop’s Wi-Fi. The worker explained he knew he shouldn’t have done that, but “‘the guest Wi-Fi doesn’t work really good back here,'” according to Willett. The company had gone ahead and given the employee the password for the shop’s business Wi-Fi.

If a shop with separate Wi-Fi systems allows employees to connect personal devices anyway, “you might as well not have separate Wi-Fi,” Willett said.

One way for hackers to attack a company involves an employee clicking on a link, which can “open up a door” for cybercriminals, according to Willett’s co-presenter Mike Anderson, the CEO of Collision Advice.

“Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website,” the U.S. Cybersecurity and Infrastructure Security Agency states. The agency warns never to click links or open attachments in unsolicited emails and encourages “safe practices when browsing the Internet.”

Willett said companies should create a cybersecurity policy for employee awareness and training and record it in an employee manual. Willett said many training videos exist, and Anderson said the Automotive Management Institute offered a cybersecurity class too.

Willett suggested businesses lean on their cyber risk insurer for help before a breach occurs. Ask if they offer cybersecurity training videos, a sample cybersecurity policy and vulnerability testing. He said the insurer might also be able to discuss the issue on a more technical level with the business’ IT staff as well.

Repairers might also wish to reevaluate their IT, according to Anderson. He noted that shops might tap a “friend of a friend” for their IT, but they should instead use a professional company truly versed in the subject.

Anderson said hackers have infiltrated shop systems through software which allows an IT professional a “door” to remotely access on-site computers. The problem: “They don’t shut the door when they leave,” he said.

A company should also use VPN (virtual protection network), which allows staff working remotely to carry the same level of cybersecurity as the building’s on-site computers, Willett said. He also encouraged encrypting personally identifiable information (PII), details which are now becoming a target of ransomware schemes. If encrypted PII is commandeered by a hacker, “they can’t do anything with it,” he said.

Another misconception surrounds what to do after a ransomware attack. A business might believe their best move is to shut off the computer. But Willett said to instead merely disconnect the device from the Internet. Leave the computer on unless your help desk advises otherwise, he said. (After severing Internet access, the business would immediately contact their help desk or IT professional, followed by their cyber risk insurer, according to Willett.)

“There’s clues in there,” Willett said. Leaving the computer on offers an opportunity to work out who committed the cybercrime and how they accomplished the hack, he said.

Finally, companies also often assume that using a cloud platform means they don’t have to worry, according to Willett. But the cloud is the architecture, he said; any applications and information using it remain the individual business’ responsibility, he said.

More information:

“CIECAST Oct 2020 Cybersecurity for the Collision Repair Industry”‘

Collision Industry Electronic Commerce Association YouTube channel, Oct. 26, 2020

Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center joint ransomware guide

CISA and Multi-State Information Sharing and Analysis Center, Sept. 30, 2020

Cybersecurity and Infrastructure Security Agency “Ransomware” webpage

Federal Trade Commission “Online Security” portal

CISA small and medium-size business cybersecurity information

FTC small business cybersecurity information

Featured image: Ransomware might infiltrate your system through employees clicking links or through an IT remote access “door” left open. (Suppachok Nuthep/iStock)