Cyber vandalism. It’s not a term very often used in the flooring industry—but it should be. Technology continues to advance by leaps and bounds and with it comes the potential for unprecedented change. That change has allowed business practices across the supply chain to become more targeted, efficient and effective; however, it has also created increased risk.
The flooring industry is not immune to the negative effects of advancing technology—namely, cyber vandalism—and has, in fact, experienced increased instances of cyber theft and fraud of late. “We have seen dealers and retailers of all sizes under increased attack over the last year,” said Max Everett, vice president of cybersecurity and IT compliance at Shaw. “I have talked to some of our partners and customers who have suffered these attacks. These trends have been growing year by year.”
So, who’s at risk? The ugly truth is that cyber vandalism is an unfortunate byproduct of advancing digital capabilities and no one company or brand is immune to its effects. What’s more, one instance of cyber vandalism can sometimes lead to many. “Flooring dealers often collaborate with suppliers, manufacturers and other partners in the industry,” said Dave Holy, co-founder and lead developer, Showroom Pricing. “A cyberattack targeting any entity in the supply chain can have a cascading effect, disrupting operations and compromising the security of interconnected systems.”
It’s important for flooring retailers—and the industry at large—to be aware of these potential business risks, as they are unlikely to go away. “The reality is these cyberattacks will be an ongoing threat,” explained Chad Ogden, CEO/president, QFloors. “There is no silver bullet that can completely wipe out the potential for being victimized. Furthermore, no one is too big or too small to be at risk. Our industry is not being spared—we continue to hear reports of attacks on flooring dealers.”
Understanding the risk
Flooring dealers and suppliers alike may wonder what it is about their systems that make them vulnerable. The truth is: everything. Simply existing online opens up any person or business to vulnerability.
“With the rapid advancement of technology, many flooring dealers have incorporated digital systems for inventory management, sales and customer information,” Showroom Pricing’s Holy explained. “This increased reliance on technology creates a larger attack surface for cybercriminals to exploit.”
Josh Pendergrass, vice president of engineering at Broadlume, agreed, noting: “As technology continues to play a vital role in the flooring industry, retailers often rely on digital platforms for inventory management, customer data storage and online transactions. As companies rely more on technology than ever, cybercriminals target such systems to exploit vulnerabilities, disrupt operations and gain unauthorized access to sensitive information. Being aware of these threats allows a flooring retailer to take proactive measures to safeguard their systems and protect their business interests.”
So, what valuables are cyber criminals looking for? As Holy put it: “Flooring dealers collect and store sensitive customer information, including personal and financial details. This data is highly valuable to cybercriminals and can be targeted for identity theft, financial fraud or ransomware attacks.”
QFloors’ Ogden explained that the impact of cyber vandalism can be as mild as the inconvenience of a brief outage or as severe and lingering as actually putting a retailer out of business. “Our world is run by technology nowadays and cyberattacks hijack your technology,” he said. “So, in the midst of an attack you are unable to do things like write up a sale or access needed information. Cyberattacks hamper your ability to run your business in the present and can also make vital past information inaccessible.”
For Shaw, the most common instances of cyber vandalism can be broken down into three major areas of impact for retailers. “The most damaging is often ransomware, which can shut down operations and deny access to orders, accounts and systems for weeks,” Everett explained. “[Second is] financial fraud, [which is] focused on re-directing payments to accounts controlled by the cyber criminals and can mean one might not be able to make payroll or pay bills. The third impact is access and abuse of the information a retailer has about their customers—most often through email. This can be used to facilitate phishing attacks and other criminal activities against employees and customers.”
It’s also important to remember that cyber vandalism can impact more than your bottom line. “If your business is damaged by an attack—such as someone hacking your social media or Google My Business and posting on your behalf or your client information being leaked—that is connected to your brand reputation,” explained Greg Beaudoin, vice president of operations and CIO of Mobile Marketing. “Once a brand is damaged it can take time to rebuild trust.”
Mitigating the risk
While the idea of cyber vandalism seems daunting, flooring dealers shouldn’t be afraid of tackling the issue head on. “Cybersecurity can appear confusing, expensive and intimidating, even to technologists, but ultimately it is just one business risk,” Shaw’s Everett explained. “Leaders at all levels in businesses of all sizes manage risk every day—financial risks, safety risks, market risks. Becoming better educated on cybersecurity risks allows each of us to put this risk in context and take appropriate steps to protect their suppliers, organizations and customers.”
Flooring technology and software providers agree that there are many things a flooring dealer—or any entity within the supply chain—can do to protect themselves against cyber vandalism. Here is the best advice from the industry’s top technology providers:
TWO-STEP SECURITY
“Multi-factor authentication, or two-factor authentication, is a critical protection for individuals and companies. It is accomplished by adding an additional step like an SMS message or authentication app in addition to the password to access email, financial accounts or other key online services. This is something we at Shaw are doing across the entire enterprise.”
—Max Everett, VP of cybersecurity and IT compliance, Shaw
EDUCATION IS KEY
“When it comes to protecting against attacks, the most basic action you can take is to make sure employees are educated about phishing scams and know to verify links before opening them. Phishing scams are getting harder to decipher and to tell if it’s a legitimate email or not. It’s important to periodically remind your employees not to click on links or attachments they’re not expecting in emails.”
—Greg Beaudoin, vice president of operations and CIO, Mobile Marketing
INVEST IN SECURITY
“Invest in robust cybersecurity solutions. Implement advanced firewall systems, antivirus software and intrusion detection systems to detect and prevent unauthorized access. And use cloud solutions where [the technology provider] handles all of these measures for retailers.”
—Josh Pendergrass, VP of engineering, Broadlume
TRAINING
“Conduct regular training sessions to educate employees about cybersecurity best practices, such as recognizing phishing emails, creating strong passwords and being cautious with sharing sensitive information. Employees should be aware of the potential risks and their role in maintaining a secure environment.”
—Dave Holy, co-founder and lead developer, Showroom Pricing
BACKUPS, BACKUPS, BACKUPS
“Having data backups is one of the best ways you can prepare for the unexpected. Whether it’s cyberattacks, natural disasters, hardware failure, theft or any other unanticipated outages, companies that have frequent, verified, secure backups will recover from these events the quickest.”
—Chad Ogden, CEO/president, QFloors
DO THAT SOFTWARE UPDATE
“Keep your browser, operating systems and other software up to date. This ensures you’re using the latest technology to fight attacks. We also keep all the servers we run, underlying plug-ins and other technologies we use, up to date, just as we ask our clients to do.”
—Beaudoin, Mobile Marketing
RECOVERY
“Every company should have a contingency plan for how to continue doing business, should your technology go down for any reason.”
—Chad Ogden, QFloors
