NASHVILLE, Tenn. — When cybercriminals strike a small business, many owners assume law enforcement will help them recover their losses and bring the perpetrators to justice. Former FBI cybersecurity specialist Scott Augenbaum has sobering news: That rarely happens.
“Once the cyber criminals do their damage, law enforcement does not have a magic wand. We cannot fix the problem. There is no reset button,” he says during a recent National Federation of Independent Business (NFIB) webinar.
In Part 1 of this article, we examined the growing problem of cybercrime and the threat it can pose to all businesses, including laundromats and laundry services. In this conclusion, we’ll look at some specific steps your small business can take to protect itself from cybercrime.
HAVE YOU BEEN PWNED?
The primary weapon cybercriminals use isn’t sophisticated technology — it’s social engineering, or tricking people into doing something they normally wouldn’t do, Augenbaum says. While social engineering isn’t new, advancing technology has made it far more effective and harder to detect.
“We’re seeing things that are happening through ChatGPT where the bad guys are able to create very calculated email attacks,” he says. “They’re going out there scouring the websites. They’re knowing everything about it and then they’re just hoping that they can get into your email account because that’s really what they want to do.”
The threats come through multiple channels: “We have text messages that are going on. We have telephone calls, QR codes, social media hijacking or taking over social media accounts, pop-ups … and tech fraud against elders is such a big scam.”
The situation has become even more dangerous with the recent leak of passwords online.
“Recently, there are so many usernames and passwords on the dark web,” Augenbaum says. “I just did a piece for USA Today. We’re no longer dealing with RockYou2021 (password leak). We’re dealing with RockYou2024 — 10 billion usernames and passwords were leaked online.”
He suggests using the website HaveIBeenPwned.com (the “P” in “Pwned” is correct) to check if a specific email address has been involved in a data breach.
These massive leaks are particularly dangerous because many people reuse passwords across multiple accounts.
“About 66% of the population is using the same password for multiple platforms,” Augenbaum says. “So, what happens today if the cybercriminals get access to this list? Now they are going to bank on the fact that the password that you may have used for your favorite social media platform is the same password for your bank account.”
AN OUNCE OF PREVENTION…
“I discovered that a majority of (cybercrimes) could have easily been prevented if the end users had the right pieces of knowledge,” Augenbaum says.
The most critical step is implementing two-factor authentication on all critical business systems.
“You need to put two-factor authentication on all of your remote access, your email, your bank account, your mission-critical platforms,” he says. “You need to put it on your payroll and your CRM if you’re using something like a Salesforce.”
Two-factor authentication requires a second form of verification beyond just a password.
“Each one is a little specific and there are a couple of ways you could do it, either through text messaging and apps,” Augenbaum says. “It doesn’t cost anything to really do this. This is free from almost all the major accounts.”
To demonstrate its effectiveness, he makes a bold statement: “I can give every single person here my Gmail username and password and you will not get in because of two-factor authentication.”
Password security is another crucial area. With billions of passwords leaked online, businesses must be particularly vigilant. Augenbaum recommends using unique passwords for each account and considering a password manager or passphrase system.
When it comes to changing bank account information or payment instructions, email alone is never enough.
“You’re going to send an email to all of your vendors and tell them that you will never change bank account and routing information by nothing more than an email,” Augenbaum says. “You’re going to have to have a telephone call or you’re going to have to do something.”
SPREADING THE WORD
Employee training is essential, but traditional annual cybersecurity awareness training isn’t sufficient.
“Nobody has succeeded at ‘changing corporate culture,’” Augenbaum says. Instead, he recommends focusing on personal impact: “I’m going to teach you how to keep your family safe. I’m going to teach you how to keep your kids and your elderly parents safe through storytelling ... because once I can make you feel that pain of what it’s like to be a cybercrime victim, then you’re going to take that advice.”
The stakes are high, but the solutions don’t have to be complex or expensive.
“The thing that really blows my mind is the lack of sophistication required to destroy a business,” Augenbaum says. “It takes a stolen username and a password without two-factor authentication, or social engineering. That’s all it takes.”
IT’S EVERYONE’S PROBLEM
For laundromats, laundry services and other small businesses, the message is clear: Cybersecurity isn’t just an IT issue — it’s a fundamental business practice that requires ongoing attention and commitment from everyone in the organization.
“Common sense is not common practice,” Augenbaum says. “We have to change the way we think because the lack of sophistication required to destroy a business doesn’t take much. ... You don’t have to spend much time (to protect yourself and your business).”
By implementing basic security measures and maintaining vigilance, small-business owners in the laundry industry can significantly reduce their risk of becoming cybercrime victims.
The threat may be growing, according to Augenbaum, but so are the tools and knowledge available for protection.