Safeguard Your Digital Doorway

In an era where pest control operations increasingly rely on digital tools, cybersecurity has become as crucial as pest prevention itself. Learn how to secure your company’s digital assets with these essential cybersecurity practices.

Liisa Andreassen

According to a report by IBM and the Ponemon Institute, the average data breach recovery cost for businesses with fewer than 500 employees is $2.98 million, with the average cost for each breached record at $164. Not only are these costs high, but cyberattacks can crush credibility, require a complex recovery process, and even stop a business in its tracks.
But here’s the good news: Implementing cybersecurity doesn’t have to be costly, especially for smaller businesses. Many basic steps, such as creating a cybersecurity culture within an organization and designating a specific person for security responsibilities, for example, need only minimal investment. 

When it comes to cybersecurity systems for your pest control business, Brannon Gillis, senior vice president of technology, Arrow Exterminators, says it’s a lot like home security. “Some people leave their doors open; others have elaborate security systems,” he says. “And when it comes to business, a small family business is not going to have the means for all the bells and whistles like a larger company would have. So, you have to find out what your comfort level is and then act.”  

Protect Your Business and Your Customers

Gillis suggests a few easy ways to protect your company from cyberattacks:

• Consider a cyber insurance policy.
• Install a firewall, antivirus software, or antimalware on all machines.
• Protect company emails from spoofing with:
  • SPF – Sender policy framework: Tells other servers who can send emails using your domain.
  • DKIM – Domain keys identified mail: Puts a digital signature on outgoing mail so servers can verify that an email was sent from your business.
  • DMARC – Domain-based message authentication, reporting, and conformance: Verifies the email address matches the “from” address you see.

Secure your router. Many smaller businesses buy routers at places like Walmart or Best Buy. Gillis says that’s fine but warns not to leave the configuration in default mode. “It’s easy to hack. At minimum, change the network name and password. Disable remote management and use at least WPA2 encryption,” he says. “If you’re unsure of how to do that, hire a tech specialist to do it for you.” 

At Moxie Pest Control, Noah Vavra, vice president of technology, says the company uses many Software as a Service (SaaS) vendors and cloud services and has implemented internal safeguards to protect customer data. But it also relies on vendors’ security as a first line of defense. He says it’s vital to conduct comprehensive reviews of vendors to ensure they handle customers’ data responsibly and have a proven history of doing so. At his company, conducting these reviews is a defined requirement before implementing new solutions, as is performing periodic reviews for existing solutions.

It’s also important to ensure employees stick to these best practices, adds Gillis: 

• Avoid using unsecured Wi-Fi in public places.
• Be careful what you click: Avoid visiting unknown websites or downloading software from untrusted sources. If attachments or links in emails are unexpected or suspicious, don’t click on them.
• Make sure a password or passcode is required to access any device, and never leave an unlocked device unattended.
• Never enter secure information on unsecured websites. Secure websites start with “https.”
• Be mindful of what you store, share, or email.

Proper education is essential to keeping your organization safe.

-Brannon Gillis, Arrow Exterminators

How to Spot Phishing Expeditions

You should always be suspicious of emails and texts, and never respond to pop-ups, emails, or phone calls saying there is a problem with your computer. When it comes to identifying phishing expeditions, Gillis says they’re typically pretty easy to spot, though generative artificial intelligence (AI) is making them more sophisticated. Look for clues like:

• Misspelled words and bad grammar.
• A sense of urgency. If someone is trying to get you to do something very quickly (e.g., buy gift cards by the end of the day), that’s a red flag.
• An impersonator. Phishers will often try to impersonate someone within your organization and ask you to do a favor for them.
• A weird-looking email address. Look closely at the email address, but not just on your mobile device.
• Carefully examine it on your computer; sometimes an odd email address is not visible from a mobile device. For example, if the address is supposed to be for a bank, it wouldn’t be coming from a Gmail account. 

Todd Leyse, president and CEO of Adam’s Pest Control Inc. in Minnesota, has a degree in computer science. He recommends testing staff with fake attacks. “The greeting and closing are important, too. Over 99% of my emails end with ‘Thanks, Todd.’ My employees know if an email ends with ‘Regards,’ then it’s probably not from me,” Leyse says.

In the past, he says, employees have received suspicious emails from him where the email address uses the name “Todd Leyse,” but if you look closer at the email address, it’s not his.

“And, if there’s a link, hover on the link and look in the lower left-hand corner of the browser; it will show you where the link is taking you,” he says. “I recently got an email from E-ZPass, a local toll system, but there were lots of red flags in the email including links to other sites, not the E-ZPass site.”

Leyse says social engineering is another form of phishing. For example, if someone calls in and says they are a new hire and their supervisor asked them to call for someone’s credentials because they’re helping on an important project, don’t give out information.

“For example, if they ask who handles IT, don’t say ‘You need to call XXX at XXX-XXXX.’ It’s always better to ask for their number and say you’ll have someone call them back,” he advises.

Train for Cybersecurity Success

At Arrow, every new hire receives security training; they take an online class and then a test. All employees also complete quarterly training through a security awareness training firm.  

“You can spend all the money in the world on security software, and it won’t stop an untrained employee from making a bad decision,” Gillis says. “Proper education is essential to keeping your organization safe.”

Many free resources are available to help smaller businesses, too. For example:

1. Microsoft Learn: Basic Concepts of Cybersecurity
2. Cisco Networking Academy: Intro to Cybersecurity
3. Amazon: Cybersecurity Awareness Training
4. National Cybersecurity Alliance (staysafeonline.org)

Moxie has an in-house training program, which employees complete in the company’s learning management system. There are also recertification requirements to make sure employees are up to date with the latest best practices, and the information technology team sends out newsletters to keep employees in the know about the latest scams. 

Take It Seriously

Vavra says he once heard someone describe the pest control industry as the “best-kept secret in business.”

“It’s not widely known by the public how much revenue and data the pest control industry represents,” he says. “Industries that ‘fly under the radar’ but generate significant revenue are prime targets for bad actors because often, security infrastructure lags significantly due to the perception of minimal risk. The risk is real! Take it seriously—your customers deserve it.”

So, protect what you connect. When you adopt a proactive approach to cybersecurity, you’re defending your businesses, your customers, and your bottom line.

5-Minute Security Checkup

Do you have these basic security measures in place?

• Assess password strength. Use strong passwords, and don’t use the same password for different sites. Also, change them regularly. Gillis recommends changing passwords at least twice a year and says password managers can be helpful.
• Don’t share logins. When you have a single set of login credentials that multiple people can use to access a system or resource, that spells trouble. Each team member should have separate login credentials. 
• Use multifactor authentication (MFA) whenever possible. MFA is a security process that requires more than one method to log in to an account (also known as two-step verification). For example, when you log in, you’re first asked to enter your username and password. Next, you’re asked to provide a second factor to verify your identity, such as a code sent to your phone, a fingerprint scan, or the answer to a question. 
• Get a mobile device manager solution. This software tool helps organizations to manage and secure their mobile devices. They help with device configuration, app deployment, troubleshooting, and more.  
  Find a good CRM system and use it. Customer relationship management, or CRM, systems help to protect customer data and open up business capabilities. A good CRM system will also limit your need to print out customer data or write down information like credit numbers on random pieces of paper. Never do that! 
• Keep your devices up to date with the latest firmware and software. This ensures your applications will have the most recent security fixes to protect against known vulnerabilities and potential cyberthreats. The easiest way is to set up your computer to update automatically. Also, be sure you have antivirus protection on all your computers. 
• If you have a computer network, use a firewall. These are available at various price points. Be sure that any firewall you invest in monitors change events to keep your firewall up to date.