The Edge June/July/August 2026

PROTECTING YOUR BUSINESS

Cybersecurity in the Field: Don’t Let a Tablet Take Down Your Business By Jill Odom

YOU DON’T NEED TO BE A FORTUNE 500 COMPANY TO BE A TARGET FOR cybercriminals. You just need to be profitable enough that they think you can pay. “They don’t actually want to bankrupt the company; they want to be able to be paid, but it’s going to really hurt,” says Patrick Curtin, director of technical sales at Field Effect, a cybersecurity company for businesses. “If people aren’t properly set up to withstand that kind of attack, and they don’t have good backups, then they might feel like they have no choice but to pay up.”

infection and compromise for organizations large and small.” Once a threat actor has a user’s creden tials, they can then start a ransomware attack or use that account to send out fake invoices or change banking information. “They’re going to try and establish persistence because their first foothold is pretty weak,”Curtin says. “They’re going to try and escalate their privileges so they can do more. They become system administra tors and then spread. They’re going to look for data. Steal data, send the data out, then they’ll encrypt systems.” When a ransomware attack occurs, Cur tin says without good backups, a company will lose access to the systems they need to run the day-to-day aspects of the business. Even after paying the ransom, there’s no guarantee the cybercriminal will provide a decryption key that actually works. “There’s some research showing that only around half of the companies that pay the ransom actually will get their data back,” Curtin says. “The best thing is to avoid it in the first place.” BUILDING RESILIENCE While cyberthreats are real, the good news is that your organization is not helpless against them. Curtin says the key to avoiding debili tating cyberattacks is building defense in depth and resilience. “We’re not aiming for perfection,”Curtin says. “Perfection is impossible. Anyone who tells you that they’re just blowing smoke. It’s all about building layers so that when something does go wrong, it’s not going to be the end of the business.” When a company has cybersecurity resilience, if an individual does fall for a phishing email and enters their credentials somewhere, the attack is contained. Curtin says that resilience is established through your people, processes and technology. The first step is increasing awareness with your field staff who are using mobile devices to clock in and access job details on a daily basis, so they know what threats are out there and how to identify them. Curtin

“Mobile devices have not just sensitive information, but threat actors can silently activate the camera/microphone to listen and see what’s currently happening,” Pepper says.“Hackers can tap into the GPS to determine locations or even use the compromised device to launch further attacks on other users and devices.” Another risk is when crews choose to tap into nearby public Wi-Fi, whether it’s on a commercial property or a nearby coffee shop between jobs, as hackers can create rogue hotspots to impersonate the real hotspot. “Once the users join the fake Wi-Fi hotspot, it’s possible the threat actors could try to capture traffic, inject malicious payloads or even perform SSL interception where they can look inside of encrypted traffic,” Pepper says. Identity attacks are the most common threat. This is where cybercriminals try to trick a user into completing a certain action, such as entering their password. “There are a few variants of that that don’t involve a password,”Curtin says. “Sometimes they’ll bring up a CAPTCHA screen and say you need to enter this really long, convoluted alphanumeric code into that CAPTCHA screen, and that’s the new variant, but they’re always trying to trick you into doing something.” Pepper says that phishing through emails and smishing via texts continue to have the most volume and effectiveness in attacks. “Threat actors can craft custom mes sages that look legitimate,”Pepper says. “End users, thinking they are expecting a package, an offer from a vendor or a note from a friend or colleague, are likely to get duped and click on a malicious link. This continues to be a major initial source of

As more landscape companies move to implement technology in their field op erations with smartphones and tablets to boost efficiency, it also increases the risk of cyberattacks unless the proper safeguards are in place. “It’s actually never been worse than it is today,”Curtin says. “That’s not fear mon gering; it’s just the way it is. The barrier to entry to cybercrime has never been lower. Anyone can go online today, and if they’re willing to spend a few $100 a month, they can get access to incredibly sophisticated attack tools.” THE THREATS Cyberthreats aren’t just a concern for office workers anymore. The risk is often the device in a crew leader’s pocket or a tablet sitting in the truck. Unsecured mobile devices can be an easy entry point for attackers. “As more organizations rely on tablets and smartphones for field operations, one of the most significant cybersecurity risks is the growing number of remote users and devices that remain constantly connected to the internet,”says Greg Pepper, security architect and office of the CTO at Check Point Software, a cybersecurity solutions company that helps protect corporate enterprises and governments. “This ‘always on’connectivity exposes both users and endpoints to a steady stream of threats, including phishing attacks, drive-by down loads that deliver ransomware, and other forms of malware.” Everyday actions such as opening a malicious email, visiting a compromised website or installing seemingly legitimate applications can all contain hidden malware. Pepper says malware on mobile and tablet devices can be crippling to an organization.

20 The Edge // June/July/August 2026