
Top FIVE Website Cybersecurity Mistakes Chimney Companies Make

By Carter Harkins and Taylor Hill, Co-Owners, FutureNow Marketing

When the topic of health and safety comes up, do you ever consider the health and safety of your business’ website and online properties?

Those in home service industries – like the chimney and venting industry – often believe that cybersecurity isn’t something they need to worry about. This mindset, however, makes businesses like yours prime targets for hackers who thrive on finding vulnerabilities in unsuspecting companies. Ignoring cybersecurity can have dire consequences, potentially compromising your entire operation. When companies partner with us, we immediately put their current website through rigorous security checks before it’s allowed on our servers. Here are a few alarming situations we’ve encountered in the past and how you can avoid them.

Hackers Target the Path of Least Resistance

One of the most shocking realities is how unaware businesses can be about the security of their websites. Imagine finding out that your chimney company’s website is hosting illegal content without your knowledge. Hackers can easily hide such content on your site, putting you at legal risk. There was once a case where a teenager was arrested after his computer was hijacked to store illegal materials. The situation becomes even more severe when your business’ server is used for such activities. Server hijacking is more common than many realize, and it can have devastating legal and reputational consequences.

Another common issue we’ve seen is unauthorized data storage, which is often a sign of a web shell: a script an attacker plants on the server to control it remotely. In one instance, we discovered thousands of car and truck photos stored on the backend of a new client’s website, taking up significant storage space. Hackers had managed to upload, download, and execute files without the owner’s knowledge. We had to clean this up before transferring the site to our secure servers.
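As an added illustration (not FutureNow Marketing's own tooling), the sketch below shows the kind of check a site owner or host can run against a web root to spot the two symptoms described above: script files sitting in upload folders and directories stuffed with unexpected files. The extension list, folder names, and 500-file threshold are assumptions to adjust per site, and the sample tree is constructed.

```python
import os
import tempfile
import time

# Assumed values for illustration; adjust to the site's own layout.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".cgi", ".pl", ".jsp", ".aspx"}
UPLOAD_DIRS = {"uploads", "media", "images", "files"}
MAX_FILES_PER_DIR = 500   # more files than this in one directory needs a look


def audit_webroot(root, recent_days=7, now=None):
    """Return sorted (finding, relative_path) tuples for a web root."""
    cutoff = (now or time.time()) - recent_days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_upload = bool(set(rel_dir.lower().split(os.sep)) & UPLOAD_DIRS)
        if len(files) > MAX_FILES_PER_DIR:
            findings.append(("bulk-storage", rel_dir))
        for name in files:
            # Check every dotted suffix so "x.php.jpg" is caught as well.
            exts = {"." + part for part in name.lower().split(".")[1:]}
            if not exts & SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if in_upload:
                findings.append(("script-in-upload-dir", rel))
            elif os.path.getmtime(path) >= cutoff:
                findings.append(("recently-modified-script", rel))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample tree: one old page, one planted script, a photo dump."""
    os.makedirs(os.path.join(root, "uploads", "2024"))
    os.makedirs(os.path.join(root, "cache"))
    old = os.path.join(root, "index.php")
    open(old, "w").close()
    os.utime(old, (0, 0))                      # long-unchanged legitimate page
    open(os.path.join(root, "uploads", "2024", "logo.png.php"), "w").close()
    for i in range(MAX_FILES_PER_DIR + 1):     # stand-in for the photo hoard
        open(os.path.join(root, "cache", f"truck{i}.jpg"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for finding in audit_webroot(tmp):
            print(*finding)
```

A finding is a prompt for manual review, not proof of compromise; a freshly updated plugin will also show up as a recently modified script.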

The #1 Most Common Mistake: Thinking It Won’t Happen to You

During our onboarding process, we conduct a thorough discovery, which includes collecting passwords to access critical systems. We’re often shocked at how weak these passwords are. It’s surprising how many chimney companies still use passwords like “chimney1” or similarly simple variations. Every time we see such passwords, it’s a reminder of how vulnerable these businesses are.

We’ve had instances where a single email and password combination gave us access to all of a company’s accounts. Hackers often gain access to bank accounts and other sensitive information by cracking your email password. Strengthening this aspect of your security is one of the simplest yet most effective measures you can take.

We strongly recommend using a password manager to store and generate secure passwords. These tools are user-friendly and, when used with a strong master password, provide a robust defense against cyber threats. Ideally, your passwords should be at least sixteen characters long and adhere to best practices. Updating your passwords regularly and using a password manager to generate complex ones will greatly reduce the risk of a breach.
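The three password problems described in this section (short passwords, passwords built from a business word such as “chimney1”, and one password shared across accounts) can be checked mechanically. The following is an added example, not code from the authors; the substitution table, term list, and sample inventory are constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 16   # the article's recommended minimum
# Common character substitutions undone before matching (assumed list):
# 0->o 1->i 3->e 4->a 5->s 7->t 8->b @->a $->s !->i
LEET = str.maketrans("0134578@$!", "oieastbasi")


def audit_credentials(accounts, business_terms):
    """accounts maps account name -> password. Returns {account: [reasons]}."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)

    report = {}
    for account, password in accounts.items():
        reasons = []
        if len(password) < MIN_LENGTH:
            reasons.append("shorter-than-16")
        # "Ch!mn3y" normalizes to "chimney", so dressed-up variants still match.
        normalized = password.lower().translate(LEET)
        if any(term in normalized for term in business_terms):
            reasons.append("built-from-business-term")
        if len(by_password[password]) > 1:
            reasons.append("reused")
        if reasons:
            report[account] = reasons
    return report


# Constructed sample inventory; none of these are real credentials.
SAMPLE_ACCOUNTS = {
    "email": "chimney1",
    "bank": "chimney1",
    "hosting": "Ch!mn3ySweep2024!!",
    "crm": "vR7#qLm2xPz9&Tn4Wb",
}
SAMPLE_TERMS = ["chimney", "sweep"]

if __name__ == "__main__":
    for account, reasons in audit_credentials(SAMPLE_ACCOUNTS, SAMPLE_TERMS).items():
        print(account, ", ".join(reasons))
```

The "hosting" password passes the length rule yet is still flagged, which is why length alone is not a sufficient test.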

Mistake #2: Weak Passwords

While we’re talking about passwords, are you using two-factor authentication (2FA)? While it may seem like an inconvenience, it’s another critical step in protecting your business. Every additional layer of security you implement decreases the likelihood of a cyberattack. Without these measures, your chances of being hacked increase significantly.

Implementing multi-factor authentication tools in your company is a necessary step, even if it requires setting up new protocols. Some of the most reliable 2FA apps include:

  • Google Authenticator: Generates time-based one-time passwords (TOTP) for 2FA

  • Authy: Offers cloud backups and multi-device synchronization

  • Microsoft Authenticator: Works well with Microsoft accounts and other platforms

  • LastPass Authenticator: A companion app to the LastPass password manager, with one-tap push notifications

  • Duo Mobile: Supports push notifications, TOTP, and integrates with various services

  • 1Password: A password manager with built-in TOTP code support

  • FreeOTP: An open-source app supporting TOTP and HOTP

  • OTP Auth: Available on iOS, with features like Apple Watch integration

  • andOTP: An open-source 2FA app for Android, supporting TOTP with encrypted backups

  • Yubico Authenticator: Works with YubiKey hardware tokens to generate TOTP codes

Mistake #3: Not Keeping Everything Up to Date

Software updates can be annoying, but they’re crucial for cybersecurity. Whether it’s your website, your management software, or the browsers you use daily, keeping everything up to date is essential. Most updates include patches for security vulnerabilities discovered since the last release, making it vital to stay current.

Our recommendation is to automate updates where possible. For those that require manual intervention, ensure they’re done promptly to close any security gaps. Every unpatched vulnerability is an opportunity for hackers to infiltrate your systems.

Mistake #4: Not Training Your Staff

It’s not enough for you as the owner to understand cybersecurity; your entire team needs to be on the same page. Do you have a clear policy around password security and cybersecurity protocols? Is it part of your employee handbook, and have all your staff members read and signed off on it?

At FutureNow Marketing, failing to follow our security measures is grounds for immediate termination. This might sound harsh, but once you’ve experienced or helped clean up after a hacking incident, you’ll understand the importance of strict adherence to security protocols. A little prevention can save you from a massive headache and significant financial loss.

Mistake #5: Knowing What To Do But Not Doing It

Finally, knowing what steps to take is only half the battle – you must also follow through. Here’s a quick recap of what you can do right now to protect your chimney business from cybersecurity threats:

  1. Acknowledge the risk: Understand that this can happen to you.

  2. Strengthen your passwords: Use a password manager and ensure your passwords are robust.

  3. Implement two-factor authentication: Set it up wherever possible.

  4. Keep software updated: Automate updates where you can and stay on top of them where you can’t.

  5. Train your staff: Ensure everyone in your company knows and follows your security protocols.

  6. Do it NOW!

Taking these steps will help keep your chimney business safer, allowing you to focus on what you do best – serving your customers.
