The Edge June/July/August 2026

encourages explaining the why behind your cybertraining, which can help ensure buy-in from team members. “When a cybercrime happens, it can be really bad for the business, and it can mean we’re not getting work,”Curtin says. “It can mean we’re not paying you. So I would re ally go to principles like that, it’s about busi ness health. All good employees should hope that their business is doing well and they’re contributing to that, and part of that contribution is being safe online.” Curtin says it’s also important that team members know to speak up if they were tricked by an identity attack. “If I did something, say something, ‘I’ve made a mistake here,’”Curtin says. “‘My device is acting weirdly. Can someone look at this? I may have made a mistake.’The business shouldn’t be looking to punish that person. They should actually be really glad you brought that forward so they can look into it.” It’s best to treat cybersecurity just like any other safety training rather than a niche IT concern. Keep your messaging simple and practical so employees know how to handle these situations. Pepper says a good rule of thumb to share is if you have to think about whether an email or text is legitimate or malicious, you’ve probably already answered your own question. “It’s best not to click on a link and confirm from the sender if this was a valid email, attachment, or text message rather than clicking blindly on the links only to find out it’s malicious,” Pepper says. “It only takes a moment to verify the legitimacy and authenticity of the digital content before opening unknown links, emails, and attachments.” There’s no one silver bullet to protect your field devices from cyberattacks. Rather, it comes down to following a number of different processes and practices. One basic cyberhygiene practice is the use of multifactor authentication and complex passwords. “Password managers are really, really good so that will allow for very long pass words that people don’t have to remember, and they just have to use their password manager app on their device that takes care of it,” Curtin says. Curtin adds that reusing the same password can also be a major problem, as cybercriminals can then access all your accounts. NON-NEGOTIABLES FOR FIELD DEVICES

“One of the things we’re seeing more and more is they’re requiring 24/7 cover age,”Curtin says. “If you have an incident and you submit a claim, they’re going to ask to see evidence that you were doing what you said you were going to do, and if you aren’t doing that, then they’re not going to honor the claim.” Pepper says it’s imperative that compa nies read the fine print before commencing a new cybersecurity insurance policy and understand what requirements and due diligence are mandated on their end to maintain compliance with the insurance policy itself. Curtin recommends having a third party conduct a cybersecurity assessment to determine where your company needs to improve. “Ask yourself, if someone were to employ an identity attack against us today, how are we going to spot that? Are we going to spot that?”Curtin says. “Then you can get into harder questions, like, ‘How do I know my vulnerability management program is working?’If you don’t have one, you need one. And‘how am I going to detect the stealthiest attacks where they’re going to log in as you and use your own tools against you?’If you’ve got good answers for all of that, you’re in a good space. If not, there are things you’re going to need to focus on.” TE

Pepper recommends protecting sensi tive customer, partner, and employee data on mobile phones and tablet devices with an enterprise-encrypted portion of storage. “This allows for business-related email, files, and data to be isolated in a secured partition on the phone or tablet,”Pepper says. Another non-negotiable is regularly patching and updating your field devices. Curtin says that cybercriminals are often looking for vulnerable devices that are run ning old, unpatched software. He says auto matic updates are an absolute necessity. Curtin encourages landscape compa nies to have processes in place for when an employee leaves the organization, so they don’t retain access to their accounts. Pepper adds that in instances of lost or stolen phones or tablets, companies should utilize enterprise tools that allow them to remotely wipe data off these devices. ADVICE FOR OTHERS Pepper stresses that whether you have 10 or 1,000 employees, you need to secure all your devices, especially those that are outside of the office, where networks, environments and usage are harder to control. “Laptops, desktops, phones, and tablets can all be targets for cyberattacks,”Pepper says.“Any one of these devices, when compromised, can spread from one device to any and all devices connected to the networks.” Curtin adds that prevention is far cheap er than recovery. Even if you have offline backups and cybersecurity insurance, rebuilding is a costly and painful process. “Cybersecurity insurance is good to cush ion the blow,”Curtin says. “They’re going to help you with some of the costs, but one of the things they don’t normally do is help you with the lost revenue and reputation.” Additionally, having the right cyberse curity controls in place is now necessary to even have a cybersecurity insurance policy issued.

Photo courtesy of Aspire

 KEY TAKEAWAYS ■ Field devices are a primary entry point for

around stealing creden tials through phishing and similar tactics. ■ Cybersecurity is about layers, not a single fix. Resilience comes from

cyberattacks. Smart phones and tablets

used for daily operations create constant exposure to phishing, malware and credential theft. ■ Identity attacks are the biggest threat and center

combining employ ee awareness, strong processes and protective technology.

National Association of Landscape Professionals 21