Industry Advice Ask Mike: How Can the Industry Shield Itself Against Cybersecurity Threats?

with Mike Anderson

This month, we “ASK MIKE” to share his thoughts on some of the most common cybersecurity threats facing the collision repair industry. We at Hammer & Dolly hope you find the following exchange useful, and we encourage you to reach out to us if you have a question for Mike on this or any industry-related matter that he can answer in a future issue.

Hammer & Dolly: Any industry – and anyone with a computer, for that matter – is subject to cybersecurity threats. What are some examples of cybersecurity issues you’ve encountered as an automotive industry consultant, and what are some ways shops and other businesses can protect themselves from them?

Mike Anderson: I personally know of at least 20 shops that have been hacked and held for ransom in Bitcoin over the years. The highest ransom amount was $30,000. Not one of those businesses got out of the situation without paying the ransom – all they could do was negotiate with the attacker for a lower amount.

The first thing I tell people is never to assume their backup systems are working. Just like you maintain your compressors and spray booths, you need to maintain your IT systems. At least quarterly, you should have your IT person confirm that your backup is working. 

Remember when you used to have fire drills at school? Talk to your IT person about doing a similar exercise with the

people at your shop. What should they do if someone at the facility gets hacked? Should you turn off and unplug your computers right away? Have an emergency plan in place if you get hacked.

As the saying goes, ‘An ounce of prevention is worth a pound of cure.’ David Willett of SPARK Underwriters has access to free training that shops can take to become educated on minimizing their risk. Just as we do hazardous material training every year, you should do cybersecurity training as well.

Some companies are very strict about how they lock down their systems. For example, their employees can’t visit unapproved websites. It’s my opinion that people should use dual authentication. Some people may complain about having to change their password in CCC all the time, but that helps prevent hacking. Also, knowing what data pumps are on your computers is critical. There are companies out there that can help you identify them.

Shops also need to be mindful of bank transfers. I was recently at a shop when a guy called and said, ‘I’m from your bank. I need you to transfer this money,’ and the person at the shop did it. I said, ‘You need to question that!’ He called his bank, and they said, ‘That wasn’t us!’ I saw that happen at a shop just a few weeks ago. If someone supposedly calls you from your bank, tell them you’ll call them back, then call your local bank branch to make sure the call was legitimate.

Back when I had my shop, I got a call from a dealership where I bought parts. The guy says, ‘Hey, there’s a guy here wearing a Wagonwork shirt, saying he’s here to pick up $3,000 worth of parts that he ordered, and he wants us to charge them to your account. Something about this doesn’t seem right.’ It turns out this person had made a shirt with our shop’s logo on it. He was working on cars in a parking lot somewhere. The police were called, and he was arrested. That’s another example of some of the crazy stuff people will do to try to steal from you. 

H&D: I would like to think that most people know not to click on suspicious links in emails, especially if they don’t know the sender. But what are some not-so-obvious hacking attempts you’ve encountered?

MA: Some people may receive an email from someone they know, but a closer look at the sender’s email will reveal that there’s a character off in the address or something else that indicates it’s a fake account. If someone emails you a ‘bill’ as an attachment, it’s important to first double- and triple-check the sender’s email address before you click on the link or attachment. This is another example of why in-shop cybersecurity training is necessary.

It’s also essential to carry the appropriate insurance. I suspect most people aren’t properly insured for these types of incidents. Ensuring that you are insured should be a priority. 

H&D: This conversation reminds me of the ongoing discussions in this industry about who owns certain data. It seems that consumer data is also potentially at risk in these situations.

MA: Here’s something along those lines that many people don’t think about. I really appreciate that a lot of technicians like to post pictures of vehicles on social media because they’re proud of their work. However, a business owner should never allow that to happen. It’s a violation of the customer’s privacy. If, God forbid, you’re not performing safe and proper repairs, that image on Facebook or elsewhere online could be used against you in a lawsuit. Furthermore, it can also damage your reputation and undermine customer trust. Always prioritize protecting the consumer over showing off your work online. 

Want more? Check out the April 2025 issue of Hammer & Dolly!