According to data from the Identity Theft Resource Center, 353,027,892 people were victims of data compromise in 2023. Of course, businesses were also impacted, leaving owners and operators to navigate costly losses from cyberattacks and threats.
For example, last March, AT&T had a cybersecurity breach, leaking personal data of current and former customers, including, but not limited to, social security numbers and passcodes. The breach impacted 7.6 million existing customers and 65.4 million former customers. Additionally, in February, Bank of America had a ransomware attack impacting more than 55,000 customers, leaking names, addresses, phone numbers, social security numbers and credit card information.
It may be easy for an owner or operator of a small or medium-sized business to think that cyberattacks are limited to larger companies, but businesses of all sizes are regularly at risk of cyberattacks. Verizon’s Data Breach Investigations Report found more small businesses are attacked by cybercriminals than large ones, despite 59% of business owners believing their businesses are too small to be a target.
Even as cyber awareness has improved nationwide, we continue to see costly cyber losses. Only 28% of small businesses have cyber response plans, and only 26% have cyber insurance. For any business, including those in the pallet industry, a cyber loss could be critical without a plan and insurance coverage in place.
What can owners and operators of pallet businesses do to protect their businesses from cyber risk? Understanding cyber exposure is a critical first step.
The Types of Cyberattacks
Cybercrime continues to become more complex as cybercriminals develop new tactics to infiltrate businesses, therefore pallet business owners could be just as likely to fall victim to a cyberattack as any other business owner. How? Consider this scenario:
A cybercriminal targets your pallet business’ office computer systems via an email to a staffer mimicking a note from the company owner. The attack is successful, and the criminal now has control of the software that handles pallet delivery and storage data. The cybercriminal could disrupt operations by deleting data and cancelling orders,or disrupting the delivery process. They could also leak customer and vendor data online and put them at risk. Not only would this event be costly by possibly halting operations for some time, but it could also damage the company’s reputation among its customers and vendors, impacting future financials.
Any business owner, including those in the pallet space, should be aware of the following tactics often used by cybercriminals.
Credential stuffing
Cybercriminals employing credential stuffing use passwords stolen from a data breach to access unrelated company data in a tactic that continues to gain popularity among tech-savvy criminals. We see these cases more often when staff members use the same password for multiple logins, as repeated passwords open exposures to other areas of the business. A credential stuffing incident could permit hackers to access several key parts of a pallet company, including logistics and storage, driver schedules, payroll management and more.
Data exfiltration and double extortion
Data exfiltration is when a cybercriminal breaches a company’s system and steals their data while requesting payment to delete the stolen data. In a double extortion case, a cybercriminal takes this a step further, threatening to sell the company’s data over the dark web. A cybercriminal could take a pallet company’s customer data and sell it to bad actors, which could put the customer at risk and could potentially harm the company’s reputation.
Business email compromise and misdirected payment claims.
Business email compromises occur when cybercriminals compromise a data system and now have access to email invoicing. At Pennsylvania Lumbermen Mutual Insurance Company, we are seeing more and more of this type of criminal activity among our insureds in the wood products niche. The cybercriminal can then send out invoices to vendors to steal payments. Similarly, in a misdirected payment scheme, cybercriminals use fake emails to send money to fraudulent destinations. The email seems to come from a legitimate account that is actually compromised and losses from this issue can range from $30,000 to $80,000 and even up to $200,000.
Cyber Safety Practices
A properly prepared pallet business owner or operator will educate their team on the most common cyber risks and implement best practices to create a workplace that understands the risks out there and knows how to address common threats. Best practices for your pallet business to consider include:
- Update your systems: Software providers regularly release updates designed to address the latest in cyber risk. Ensure all software and operating systems are up to date.
- Use multi-factor authentication: Multi-factor authentication provides an extra layer of security in case there is a breach of passwords. Even in the event of a data breach leaking passwords, staff members would have to approve access for a criminal to gain access to accounts.
- Think before you click: Ensure staff members know not to click on links or email attachments if they do not recognize the sender.
- Host regular training: Conduct regular cybersafe training with staff members. This training should outline how to identify common cybercrime tactics and fraudulent emails. It should also provide next steps in the event that a team member does notice potential cybercriminal activity, including reporting the activity to the pallet company’s IT team and senior leadership and alerting vendors if you believe their systems have been compromised.
- Create a response plan: Even with the best cyber safety measures in place, pallet businesses can still suffer a cyber loss. If your company does have a breach, having a business continuity plan is essential. This plan should detail how to contain the breach and instructions for communicating with impacted customers and vendors.
A good insurance provider can help with the development of a cyber response plan. Consider partnering with an insurance company that specializes in the pallet space and will understand exactly how a cyberattack can impact your operations and ecosystem. Review your coverage options with your insurance provider as well to ensure your business is protected in the event of a cyber event.
With the right training and a reliable insurance partner, pallet businesses can protect their operations and keep their vendor and client data safe from harm. As you plan for the year ahead, consider dedicating time now to ensure your business is practicing strong cyber safety and prepared for the range of potential cyberthreats facing the industry today.
Editor’s Note: Julian Carroll is an IT Support Specialist at Pennsylvania Lumbermens Mutual Insurance Group (PLM). PLM is the nation’s oldest and largest mutual insurance company dedicated to the wood products, lumber and building materials sectors.
