
The recent headlines about internet “hacking” and security breaches have focused on large retailers and big banks. Unfortunately, fraud and financial data losses are not limited to retailers or to one industry. Pressure cleaning operations and other small businesses are increasingly vulnerable to cybercrimes and fraud.
Cybercrime and cyberattacks are the fastest growing crimes today with most impacting smaller businesses. Although cybercrimes and cyber fraud are considered casualty or theft losses for tax purposes and are often covered by insurance, avoidance is best.
Almost every business has some form of internet connection or stores data such as customer lists, employee information, books, records, receipts, tax documents, and, of course, credit cards. Yet nearly 83 percent of small businesses, according to the SBA, do not have a contingency plan to respond to and report data breaches or losses.
Using the internet to conduct business or retain records makes every pressure washing operation a potential target. Hackers can steal customer lists or credit card information, and viruses can infect the operation’s files causing expensive havoc.
Cyber thieves are constantly coming up with new ways to steal passwords, hack files, and download sensitive data that can be sold—or used to steal from the pressure cleaning business or its customers. Using the internet to conduct business, retain records, and communicate makes a business a target for cybercriminals both within and outside the business.
Cyber crooks may steal the operation’s customer list or credit card information. Viruses can infect files, causing random but expensive havoc. Cybercrime is the fastest growing crime category, with almost half of all attacks targeting small businesses.
Creating security measures that not only keep cybercrooks at bay, but also prevent the operation’s employees from snooping where they shouldn’t and former employees from accessing the system after they’ve been terminated, is vital.
The internet continues to make electronic banking more convenient, but it also creates new risks. With electronic banking, every pressure washing business assumes greater liability for online fraud.
Obviously, everyone using electronic banking must carefully monitor their accounts. A lack of vigilance could mean the operation has little recourse in case of fraud.
Reportedly, a surprising number of small business owners and managers are unconcerned about cyberthreats—either external or internal. External threats include a hacker or cybercriminal stealing data while internal threats usually involve an employee, ex-employee, or contractor/consultant stealing data.
Unfortunately, data breaches or hacking incidents pose a serious threat that can result in significant financial loss, civil lawsuits, damaged reputation, and compromised records. There are also other costs, including mandatory customer notifications, credit monitoring services, and, of course, legal fees.
Since no business can hope to remain safe from cyberthreats, every business, especially those transacting business online, should have a cybersecurity plan that includes keeping computers “clean,” protecting information, frequently changing passwords, and having good antivirus software.
A data breach or hacking incident can not only harm the pressure cleaning operation but also lead to a lack of trust on the part of customers, partners, and suppliers. Small businesses must make plans to protect their operation from cyberthreats and help employees stay safe online. In fact, it is every pressure washing operation’s obligation to protect the data and the financial information of its customers, suppliers, and employees.
While cyberthreats can put any business at risk, a strong cybersecurity strategy can give the business a competitive advantage. Stopping information theft means protecting sensitive information, including the operation’s, customers’, and suppliers’ financial records.
Tips that can help secure a pressure cleaning business’s data, reduce its liability, and, in many cases, reduce the cost of insuring against potential losses, include the following:
* Computers that are used for sensitive applications, such as making electronic bank deposits, should be isolated from the rest of the operation’s network
* Controlling access to data means limiting delivery and exchange of customer-, supplier-, or employee-related documents and information to secure channels
* Requiring employees to enable multi-factor authentication (MFA), which is especially phishing-resistant, on all accounts that offer it
* Require strong passwords and consider utilizing a password manager
* Get a firewall. There are hardware and software approaches that are both inexpensive and easy to use
* Regularly back up all data, even establishing measures to both protect and test all backups
* Get antivirus software and use it. There are a number of popular packages, most of which are relatively inexpensive. Although free updates are usually included, make sure to update the program regularly or, better yet, allow the software to do so automatically.
* When an employee or contractor who has had access to the system leaves the business, the employer should make sure their passwords are no longer usable. (Many employers lock an employee out of the system just before or at the same time as the termination.)
* Learn how to protect the business from phishing, those scams where criminals pretend to be a trusted company or individual (like the operation’s bank) in an email, text, or call to trick the business into revealing sensitive info, like passwords or bank details. It’s often as simple as clicking on a false link to a fake website that appears real.
* Create—and implement—a data security plan that includes immediate notification of all affected parties. In many cases, it is the law.
* Educate all employees on the dangers of phishing and account takeovers. It only takes one employee to open a link giving cybercriminals access to the operation’s entire system.
* Share the liability by demanding similar protocols with suppliers and checking for compliance.
Cybercrime or cyberthreats can put any business at risk. However, a strong cybersecurity strategy can give the pressure cleaning business a competitive advantage. Stopping information theft means protecting sensitive information, including the operation’s, customers’, and suppliers’ financial records.
Keep all security-related and antivirus software up to date and monitor employees who have access to the operation’s information. And, don’t forget those “hard” assets. Shred sensitive papers rather than simply throwing them out. Criminals might be able to use the information contained.
Little of a business’s data is typically covered under today’s insurance policies, although some of a business’s insurance policies might offer general liability protection.
Commercial crime insurance policies may, for example, cover funds lost to cyberfraud, such as phishing or so-called “business email compromise,” but only if they directly result from a computer attack.
Under most commercial coverage, data breaches are generally not considered physical damage, leading to disputes over whether standard general liability policies cover them. Dedicated cyber insurance policies, on the other hand, are designed to cover first-party losses (system damage, data replacement, and extortion).
Cyber liability policies were created to cover identity theft, business interruptions when hackers shut down a network, damage to a business’s reputation, and costs associated with damage to data caused by a hacker. Policies can also cover the theft of digital assets, malicious attacks via computer code, human errors that disclose sensitive information, credit monitoring services, and lawsuits.
Many contractors and other business owners are beginning to recognize the importance of cyber insurance in today’s increasingly complex and high-risk digital landscape. However, this awareness is often tempered with skepticism about the true value of cyber liability insurance.
Whether because of its cost, the limits imposed, or the tight terms and conditions, only 25 percent of U.S. businesses have purchased cyber liability insurance policies.
Cyber liability insurance can cover hacker attacks, viruses, and worms that steal or destroy a business’s data. Even email or social networking harassment and discrimination claims can be covered along with trademark and copyright infringement. Cyber liability insurance often covers profits lost because of a system outage caused by a nonphysical peril such as a virus or attack.
As mentioned, cybercrimes and cyberfraud may qualify as casualty or theft losses, although their deductibility is often limited. And remember, personal losses, with the exception of losses incurred in a trade or business or in a transaction entered into for profit (e.g., investment account fraud), are not tax deductible.
Losses from any sudden or unexpected event, such as a fire, flood, vandalism, or theft, usually qualify as business loss deductions. Losses are deducted in the year they occur, or, in the case of a theft loss, when discovered. Naturally, documentation is required and any deduction must be reduced by any insurance or other compensation received or for which there is not a “reasonable” prospect of recovery.
Businesses, even small businesses, are increasingly being targeted by the growing number of cyberthreats and need to use every protection strategy available—including cybersecurity—to combat those threats. Cybersecurity is—or should be—a continuous process.
Because technologies, regulations/laws, and cybersecurity threats continue to change, every pressure cleaning business owner and manager should strive for continuous improvement of their operation’s cybersecurity risk management.