Scott Hall, owner, All Season Rent All, Franklin, Ky., admits that when he first heard the ARA of Kentucky was going to offer a meeting on cybersecurity, he wasn’t that intrigued. That quickly changed when he heard how his business might be exposed to hacking threats — even ransomware that could totally immobilize his operation. “It really opened my eyes,” he says.
To help all Kentucky rental operators better understand the threats, best practices to keep their businesses safe and how to respond in the event of a data breach, the state chapter brought in Josh Gossett, CEO and co-founder, CORETECH, who presented “How to Prevent, Respond to and Survive a Data Breach” at its Aug. 9 educational dinner meeting.
“He showed us things we weren’t even thinking about, such as how many times businesses have been hit and how people are trying to steal information from us. They can steal from us from behind the scenes and we don’t even know they are stealing it,” Hall says.
Like many, Hall admits he hasn’t been very strong on cybersecurity training with his staff. “That is going to change. The next day I implemented a no-personal-email-use policy on company computers and will do more training from there, including using the resources from the American Rental Association’s (ARA) RentalU,” he says.
He wasn’t alone in that thinking.
“We found out that we need to implement more cybersecurity at our store,” says Scott Bryant, owner, Bryant’s Rent-All of Lexington, Lexington, Ky.
“The main point that jumped out at me was the threat from our people in-house opening an email and bringing in something vicious. That is my main concern. It is a matter of educating our employees on how to recognize possible threats to their email correspondence and what to do with them. I learned a bunch to help us jump on this right now. Besides the training to our employees, we also are going to be looking at our software to make sure that aspect is as secure as possible,” he says.
Bryant was impressed by how Gossett “made the information very relatable and to our level of understanding these things. It was a great meeting,” he says.
Tyler Martin, sales representative, Green River Rentals, Bowling Green, Ky., agrees. “Specifically with cybersecurity, this is something that is probably not our strongest point. We wanted to learn more about cybersecurity and what things we are missing, what do we not know about and how are we exposed. After attending, we have a better idea of how to cover ourselves,” he says.
Martin liked how Gossett addressed a wide range of cybersecurity threats and ways to protect yourself. “We learned about phishing attempts, that we should never open up a file in an email with an extension of ‘exe’ because that is an executable code that will automatically do something to your computer, whether it is spyware, malware or something else. He also talked about how to stay covered with password managers, two-factor authentication and other things like that. In addition, Josh told us that the first thing we should do if we were to get hacked and how to handle a situation if our network was compromised with ransomware. Specifically with ransomware, he said to unplug the device — shut the power off. I have read about ransomware, so it was good to know a little bit about that if it would happen. He also opened it up for questions and answers at the end, which was good,” he says.
A significant takeaway for Martin was the realization that “everyone will get hacked to some degree at some time, so it is important to invest in your cybersecurity as much as you would invest in your physical perimeter security. It is just a matter of time before you are the victim. It could be something small, but if you get into ransomware, it is very hard to recover from that,” he says.
That vulnerability was illustrated in real terms when Gossett safely accessed the dark web. “He typed in some of the companies that were at the meeting, including Green River. He was able to show us emails and passwords that are for sale on the dark web. That really stuck with people who were there. While those passwords were old and have been changed, nonetheless it really brought it home. It was terrifying,” Martin says.
Bryant’s Rent-All also was listed. “That exposed a lack of knowledge that we have about this stuff that exists out there and how potentially dangerous it could be. Thank heavens that it looked like a bunch of old passwords on our side, but it was still unnerving enough to make you think about things you definitely want to implement. It brought a sense of urgency,” Bryant says.
“The meeting was a wake-up call,” Martin says. “I am 30 years old and learned more details on things I previously thought I knew about. That is the benefit of attending ARA of Kentucky meetings. You might think you know about a topic, but a different perspective is one of the most valuable things you can get. If the ARA of Kentucky is offering that for free, why not take advantage of it?”