In the old days, shop security was simple. A safe inside the office, a sturdy lock on the front door, a security light in the parking lot, maybe a vicious-looking German Shepherd wandering around at night, and you could go to bed easy, confident that your shop was secure until the next morning. 

Ah, the good old days.

Now, with threats coming at you constantly and from everywhere, no matter how big the dog or how bright the light, your shop is vulnerable. 

Of course, you can install electronic locks on the doors, automatic spotlights on the roof and alarms on  every window, but guess what? If someone wants to get in, they can do it in seconds, leave no trace and steal everything you have. The worst part is, you’re essentially holding the door wide open for them.

Cybersecurity is an incredibly important yet often overlooked topic, as I found out recently. I moderated a webinar sponsored by AAPEX in the Joe’s Garage Online series and if you think the 3 a.m. panic of “Did I remember to turn off the bathroom light in the shop?’” is scary, just wait until you start worrying about the dark web.

Looking for a true horror story? How prepared are you for the bad guys?

Jason Popillion, director of automotive aftermarket at SPS Commerce has decades of experience in software and infrastructure development, as well as IT management. Kevin Pentecost, information security director at Standard Motor Products has 24 years of experience with handling all sorts of communications, configuration and counseling concerns. 

Together, they host the “Cyber Distortion” podcast, and they took time from their normal duties of preventing cyber attacks to discuss what shop owners don’t understand about today’s threats.

“These days, ‘pretty good’ is really incredibly risky when it comes to cybersecurity practices.”

Dwayne Myers, CEO of Dynamic Automotive in Maryland

Dwayne Myers, co-owner and CEO of Dynamic Automotive in Maryland offered his experiences to help others learn from his mistakes. To be fair, Dwayne and his team are already pretty good about locking up their data. Yet as he and I both found out, these days “pretty good” is really incredibly risky.

“It’s pretty scary when you think about the fact that cyberattacks are happening about every 11 seconds on average in 2023,” Pentecost says. 

Did you know that it takes hackers less time than you’ve already spent reading this column to brute force a 7-character combination of numbers, upper and lowercase letters and symbols? Just 4 seconds, as a matter of fact. Make your password 8 characters and you’re stalling them for 5 minutes; 9 characters will take only 6 hours. Of course, with computing power constantly improving, those times may already be out of date.

Think you’ve got nothing of value to steal? Think again, says Popillion. “Most attacks are simply to gain information, to build a bigger attack on something else.”

As Myers pointed out, “That could be our customer database. We have a lot of personal information in it – it’s our responsibility to keep it safe.”

Of course, putting every preventive measure into place won’t help if you simply let the bad guys in the building.

As it turns out, 95% of all breaches start through email phishing attacks, the equivalent of people opening the door to let the vampire into their house.

Click the QR code on this page to access the replay of this webinar. You still might not be able to sleep, but at least you’ll know where you stand.