Products
Features
Estimates & Invoices
Easily send estimates to customers and receive electronic approvals before starting work.
Service Order Workflow
Receive repair requests and generate service orders quickly and efficiently.
Inventory Management
Manage parts across multiple locations and easily order from vendors.
Reporting
Get complete visibility on all aspects of your shop.
Customer Communication
Keep customers in the loop on repair progress with simple two-way communication.
Text Alerts
Fullbay’s Text Alerts allow you to reach customers and employees.
2-Way Texting
Turbocharge your communication by sending, receiving and managing customer text messages in Fullbay.
Integrated Accounting
Reduce administrative overhead with automated bookkeeping that syncs with accounting programs.
Integrations & Services
Fullbay’s leading technology integrates seamlessly with other industry tools.
Onboarding, Support, and Training
There’s all kinds of ways to learn how to use Fullbay! Our support services are completely free.
View All Products
Shop Essentials
Dieselmatic Digital marketing solutions built for heavy-duty truck repair shops. Grow your business with a premium website, pay-per-click management, and more. Learn More
Fullbay Payments Accept and process credit cards, fleet checks/cards and ACH payments with next-day funding, all without leaving Fullbay. LEARN MORE
Fullbay Connect Fullbay Connect is the ultimate solution to access premium integrations and features, making life easier for everyone in the shop. Learn More
Solutions
Who We Can Help
Fleet Maintenance Management Software
Helps fleet managers maximize efficiency and extend asset lifespan.
Diesel Truck Repair Shop Software
Provide the fast, reliable service that customers want—with more profit and less headache.
Heavy Equipment Repair Software
Boost efficiency in your heavy equipment repair shop with fast, flexible software.
Mobile Truck Repair Software
Streamline your heavy-duty mobile operation—even when the team is miles apart.
Tow Truck Repair Software
Help your shop efficiently dispatch tow trucks, track repairs, and more.
Agriculture and Farming Equipment Repair Software
Provide the fast, reliable service that farmers need to keep their equipment working.
Fire Truck and Ambulance Repair Shop Software
Provide consistent, dependable repairs and maintenance that emergency vehicles can rely on.
Construction Fleet Maintenance Software
Keep the worksite safe and efficient with maintenance software built for construction equipment.
RV Repair Shop Software
Make sure every RV can explore the road with a safe, reliable vehicle
Read case studies from our customers
What Our Customers Say About Us
Shop Stories See the improvements real shops experienced when they switched to Fullbay. Learn More
Testimonials Our customers take to video to share their stories about life with Fullbay. Learn More
Reviews What else are customers saying about us? Click here to read the raves. Read Now
About Us
Who We Are
Our Story
A better life for shops leads to safer roads for us all.
Fullbay Cares
See how we give back to the essential workers of heavy-duty repair.
Our Company Values
We're all about creating a rewarding environment for our employees and customers.
Our Leadership Team
Fullbay is made possible by an incredible group of people, staring with our leaders.
Learn More About Fullbay
Building the Diesel Repair Community
Join the Fullbay Team Looking for the next step in your career? Join the team and help us continue our mission to better life for shops and contribute to safer roads for us all. Learn More
ALL ABOUT THE GRILLES STORE Shop our 80+ diesel-themed products and contribute to a great cause! Check back frequently because we’re always adding more. Learn More
Shop Owner Roundtable Catch up on season 1 or watch the newest episodes of our hit series Shop Owner Roundtable! Watch Now
Resources
Industry Resources & Best Practices
Blog
Get the latest trends and best practices in heavy-duty repair.
ROI Calculator
Free tool: How profitable is YOUR shop?
Webinars
Learn from the top industry minds
VIN Decoder
Check out the background of any truck.
Downloads
Download free educational guides and resources.
Parts Markup Tool
Determine your ideal gross profit and markup percentage,.
Podcast
Diesel Stories: A heavy-duty podcast for the heavy-duty industry.
The State of Heavy-Duty Repair
The definitive report on the commercial vehicle repair industry.
View All Resources
Featured Resources
Enter the Matrix: How to Maximize Parts Profit Check out this webinar where we’ll show you how to build a price matrix that will drive more revenue for your shop. Watch Now
DIESEL CONNECT 2023 REPLAYS Watch the session replays from Diesel Connect 2023. Watch Now
Refer a Shop
CONTACT US

SALES: (385) 399-0922   |  SUPPORT: (385) 217-3389   M-F, 6AM - 6PM MST

Login Free Demo
Call Us Today (385) 399-0922
Refer a Shop Contact Us SALES: (385) 399-0922 SUPPORT: (385) 217-3389 M-F, 6AM - 6PM MST
Login Free Demo
Blog.
Jun 29, 2024
Patrick McKittrick
Patrick McKittrick

Planning For The Worst: Securing Your Shop From Digital Attacks

Planning For The Worst: Securing Your Shop From Digital Attacks

We’re big proponents of shop safety—we preach about it pretty routinely on the blog!—but today we’d like to discuss a different, but no less important type of safety: cybersecurity.

At first thought, a diesel repair shop doesn’t seem like a candidate for a hacker’s list of “Places To Hit.” But your shop still collects plenty of valuable information from customers, and that data is immensely appealing to scammers and hackers of all stripes, from the lone wolf who wants to drain your bank account to the shadowy groups that steal massive amounts of information to hold for ransom or to sell on the Dark Web.

How do these groups manage to access this information from a business? A surprising percentage—the exact count varies by source—begin, accidentally, from errors made by internal employees.

That’s why we’ve put together this guide. After all, you likely have a safety program in your shop to keep staff and customers safe from physical danger; you should also have a digital safety program in place to keep staff and customers’ data safe from scammers and thieves.

Often an attack begins with phishing, or fooling employees into providing their credentials. Sometimes a data breach starts from a simple malware infection. And sometimes scammers will go right into your place of business and snag valuable information while acting like a customer.

So what can you do?

While we would very much prefer to live in a world where such attacks did not happen, the reality is they are becoming more frequent. As a business owner, you have a responsibility to your customers and your staff to keep their data as safe as you can. That may mean investing in software or other cybersecurity measures, but it also means training your employees—from the kid sweeping the floor to your office manager to your techs—to be on the lookout for attack attempts.

This is by no means an exhaustive look at modern cybersecurity. We are not the people to offer you extensive cybersecurity advice, although we do take it very seriously: Fullbay’s staff engages in year-round training on how to spot phishing attempts and other cybersecurity threats. We believe in education.

Because that’s where cybersecurity really starts: education.

Treat this guide as a starting point—a place to begin while you implement stronger measures.

THE PRECURSOR ATTACK: PHISHING

First, make sure your employees know what phishing is.

Phishing got its name because those deploying it are “fishing” for information. This is one of the most common avenues a hacker can take to enter your system; they will send a very legitimate-looking email from an entity you do business with or have done business with in the past. Think your bank, your favorite parts house, or your health insurance company, to name a few.

The email may warn of an overdue bill, a bounced card, a canceled shipment, or a failed login. You’ll be prompted to click a link and visit the website—which is also often well-spoofed—and enter your login credentials to gain access. Depending on the scam, they may also ask you to update a credit card or personal information (which can include Social Security numbers and addresses).

Scammers will then have all that information. They can log in to the actual website using those credentials. And because a good portion of the population reuses passwords across platforms and websites, scammers can now log in to many other things, too.

You can see how phishing can rapidly lead to a data breach. That’s why training your employees to recognize phishing efforts is an important line of defense.

Have your people ask themselves the following questions whenever they open an email:

  • Does the email appear to be from a reputable source? Often, scammers will not match their email’s domain name to the company they’re attempting to spoof. This generally is easy to spot if you know what to look for, like extra numbers and/or misspellings in the domain name. If you’re using Gmail, clicking on the triangle directly underneath the “From” field will show you the email address in its entirety (which often will not match the email displayed). Below, you can see a screencap of an actual scam email purported to be from SiriusXM (as you can tell, it’s not).
  • Where does the link go? Employees should NOT immediately click on a link. Most web browsers allow you to “hover” over a link to see where it will take you. Often, the domain name will give it away. You can also copy and paste a link into a safety checker (Google has a free one) to see if it raises any alarms.
  • Is it well-written? Scam emails are often—but not always—full of errors. Random capitalizations, spacing, misspellings, typos, and so on are all signs to look for.
  • Does the email feel urgent? Scammers are successful in part because they make their emails seem very important. They may include threats like “FINAL WARNING” and “Your Account Is Suspended” to scare people. If your employees are receiving emails with messaging like this, have them bring it to your attention. Here’s a real-life example of falsified urgency, complete with warnings and spelling/grammar errors: Understanding and avoiding phishing emails are just one component of a digital safety plan. Up next: Passwords.

PASSWORD SECURITY IS SHOP SECURITY

Your employees probably use more passwords for work than they realize. Sure, there’s computer logins, but they may also have profiles and passwords for parts houses, vehicle manufacturers, and shop management software, among other things. As we learned from the phishing discussion above, a password can give a scammer access to a lot of information.

Encourage your staff to follow these password best practices to keep themselves, your shop, and your customers safe and secure:

  • Create a strong password for each site or platform you use. Do not use “12345” or “heyitsmypassword.” You want it to be long, with many letters, numbers, and symbols—something not easily guessed and not easily remembered. You may also consider stringing together a short sentence or two that you will remember but no one else will. In addition, most web browsers will create a password for you.
  • Change your password frequently. McAfee suggests changing your password every three months.
  • Don’t reuse passwords! Too often, scammers gain access to information because people use the same email login and password across multiple platforms. Instruct your employees to create a different password for each platform or service they’re logging on to.
  • Get a password manager. We understand: it’s tempting to just use one or a handful of passwords because everything requires a password these days. Consider purchasing a password manager which can create and remember your passwords and login information—for all your websites and platforms—for you. You’ll only need to remember the master password to get into the manager itself, and the manager will store all your passwords in the cloud. Incidentally, having your data—whether it is your password manager or your shop’s information—in the cloud will offer you another layer of security.

WATCH OUT FOR LINKS & ATTACHMENTS

We discussed being vigilant about links in potential phishing attacks earlier, but links and attachments can also be used to download malware to a device and allow scammers to hijack it. This is another common way criminals crack open the door to a data breach.
Teach your staff to look critically at any attachment they’re asked to download. Have them ask themselves the following questions:

  • Is this an attachment I was expecting? In our line of work, we may receive photographs of vehicle damage or PDFs of estimates and invoices. Does the document appear to be a PDF or a JPG? Keep an eye out for .EXE (executable files) or ZIP (compressed) files, as these may signal something that will be installed on your computer.
  • Is it from a legitimate email address? Look carefully at the email itself. Does the presented domain match the actual domain? Do you know this person? Are you expecting an email from them at all? As an aside, instruct your staff to ask customers who want to email something what their email addresses are before the item is sent. If you are uncertain whether an email is from a customer, pick up the phone and call or text them: “Did you just email this to me?”
  • Is it from a phone number I recognize? Malware (and phishing) can come through text messages, too. Is the phone number the message is coming from the one you have on file for your customer? If not, call the one you have on file to make sure—don’t click on anything in the body of a text without verification.

KEEP YOUR PHYSICAL LOCATION SECURE

We often picture massive data breaches and hacks originating from a darkened server room on the other side of the world. While this is sometimes the case, hacks and breaches can and do occur via social engineering: someone goes into your shop and gains access to your system via just being in the right place at the right time. Maybe they’ve seen a login and password written on a Post-It note. Maybe they’ve been asked to type in their information themselves to spare an employee their long, difficult-to-spell name.

In both cases, you’ve just given someone access to your system.

The first—and easiest—way to combat this situation is to not keep Post-Its or scrap paper with passwords on them. If you must keep physical copies of passwords, place them in a secure location (in a notebook that resides in a locked drawer, for example). Your staff should not be tempted to hand over a device for a customer to use unless it’s the end of the process and they’re signing something—in other words, they aren’t to enter their own information, no matter how difficult their name is to spell.

In addition, your employees should never—ever—take a flash drive from someone they don’t trust and put it into a shop computer. That’s a very, very easy way for someone to hijack your machinery.

KEEP YOUR SOFTWARE SECURE, TOO

The modern diesel repair shop often utilizes a lot of different technologies—and there’s likely more to come. Every piece of software you purchase or platform you use should have best-in-class technology to safeguard your data and your customers’ data (yes, Fullbay does this).

Look for Secure Sockets Layer (SSL) encryption on all the platforms you use—this is easily spotted by a little padlock and “https” at the beginning of a website URL. If you only see an “http” address in the URL, then the site is not as secure as it should be.

Other things to consider are a company’s reputation and focus on security. If they’re not making it a priority, or their track record is less than ideal, that’s never a good sign.

PROPER EDUCATION IS ESSENTIAL

The guide above can get you started with shop security—but you’ll want to look into further measures. There are plenty of programs out there that can provide a more comprehensive education to your entire shop; often, they provide a mix of in-person, hands-on training and subsequent refreshes as needed.

You may also look into additional protective measures for your shop’s digital security, including a firewall and powerful antivirus software (if you don’t have one already).

The road to a secure repair shop begins with educating yourself and your employees. Treat it as an investment in both your people and the customers you serve—keeping them safe isn’t just about hanging on to their business, it’s also just the right thing to do.

If you’d like to continue your own education in cybersecurity, we recommend starting with Cybersecurity & Infrastructure Security Agency if you’re in the United States, or the Canadian Center for Cyber Security for those in the north. Both agencies will give you good jumping-off points for learning more and keeping your shop’s data safe.

Patrick McKittrick
Patrick McKittrick Prior to joining Fullbay as CEO in 2021, Patrick served as CEO of FieldRoutes (formerly PestRoutes), a software company focused on the field services industry. He earned a bachelor’s degree in economics from the University of North Carolina at Chapel Hill and now resides with his family in Dallas, Texas. When he’s not working, he enjoys golfing and spending time with his family.
Subscribe

Get news & tips Right in your inbox.

Fullbay Connect: 2-Way Texting