Cybersecurity for Solo Tradespeople: 10 Essential Steps for Plumbers, Roofers, and More
As a self-employed plumber, roofer, or tiler, your business relies on your reputation and your tools. But your digital tools — your phone, laptop, and online accounts — also need protection. Cybercrime against solo tradespeople is on the rise because you're seen as an easy target. You don't need to be a tech expert to stay safe. With about four hours and the right simple tools, you can protect your business. Here's a direct list of what truly matters.
READY TO TAKE ACTION?
Use the free LaunchAdvisor checklist to track every step in this guide.
The quick answer for your trade business
Your solo trade business needs solid defenses. The five steps that stop most cyber attacks against plumbers, roofers, and other trades are: use a password manager for all your business accounts (supplier portals, invoicing software), turn on two-factor authentication for your business email and bank, learn to spot fake emails (phishing scams), update your computer and phone software, and back up your job photos and invoices automatically. Do these five first. The other steps on this list are good but not as critical.
1. Password manager and unique passwords for your trade business accounts
Think of all the accounts you use: your supplier portals (like Ferguson, ABC Supply, Home Depot Pro), your invoicing software (QuickBooks Self-Employed, FreshBooks), your bank, your scheduling app. Each needs a strong, unique password. Using the same password everywhere is like using one key for your house, truck, and tool shed. If a hacker gets one, they get them all. A password manager (like Bitwarden, 1Password, or Dashlane – often free for basic use) creates and remembers these strong passwords for you. It takes about 30 minutes to set up. This one step stops almost half of all account takeovers that hit independent contractors.
2. Two-factor authentication (2FA) for your business email, bank, and apps
This is like adding a second lock to your most important doors. Even if someone guesses your password, they can't get in without a second code. Turn on 2FA for: your main business email (like Gmail or Microsoft 365), your bank account, any payment apps (Square, PayPal), and your supplier accounts. If you run a website, protect your domain registrar (GoDaddy, Namecheap). When possible, use an app like Google Authenticator or Authy instead of getting codes via text message. Text messages can be faked, making them less safe for a self-employed plumber or roofer whose phone number is public.
3. Phishing awareness for trade pros (watch out for fake invoices)
Many hacks start with a fake email, called "phishing." These emails often look like they're from a supplier (e.g., "urgent payment due for your recent materials order"), a customer ("final invoice for job #1234"), or your bank. They want you to click a bad link or open a virus. Look for: emails asking for money or login info right away, sender addresses that look slightly off (e.g., "support@fergusson.com" instead of "support@ferguson.com"), or urgent threats. Always hover your mouse over links to see where they really go before you click. If you get an email about a payment or account issue, go directly to your supplier's or bank's website by typing the address yourself, not by clicking a link in the email. This protects your independent contractor earnings.
4. Automatic backups for your job photos, estimates, and customer lists
Imagine losing all your past job photos, customer contact info, pricing sheets, or the estimates you worked hours on. A ransomware attack can lock all your files and demand money. Your best defense is a separate, automatic backup. Services like Backblaze Personal Backup (around $9/month) run constantly in the background, backing up your laptop or desktop. Google Drive and OneDrive are good for sharing, but they usually sync changes, meaning ransomware can also infect your cloud files. You need a dedicated backup system that keeps older versions of files and isn't constantly connected to your main computer. This is vital for a self-employed roofer or plumber whose digital records are their livelihood.
5. Keep your computer and phone software updated (stay ahead of hackers)
Your computer's operating system (Windows, macOS), your phone's OS (iOS, Android), and all your apps (web browser, QuickBooks app, scheduling apps) get updates. These updates aren't just for new features; they often fix security holes that hackers love to exploit. Think of it like a new set of tires or a tune-up for your work truck – it keeps things running safely. Make sure automatic updates are turned on for everything. This is a simple step to protect the tech you use daily for your plumbing or flooring business.
6-10. More smart moves for your independent trade business
6. Separate work and personal devices (if you can): If possible, use one phone or computer just for your business. If not, create separate profiles or be extra careful about what you download and click when using one device for both. This keeps your trade business info safer from personal risks. 7. Use a VPN on public Wi-Fi: When you're at a coffee shop or hotel using their Wi-Fi, your data is more exposed. A Virtual Private Network (VPN) encrypts your internet traffic, making it harder for others to snoop. This is key if you're checking your bank or supplier accounts while on the go. 8. Remote wipe for lost business phones or laptops: If your work phone or laptop (which probably holds customer addresses or job details) gets lost or stolen from your truck, you want to be able to erase it. Set up remote wipe features on your devices (usually in your phone's or computer's security settings). This protects your independent contractor's client information. 9. Simple plan if something goes wrong: What if your computer crashes or an account gets hacked? Have a simple plan: who would you call? Your bank, your payment processor, maybe a local IT person. Knowing this ahead of time saves panic. For a solo tradesman, this might be as simple as having key phone numbers written down. 10. Check account access (especially if you use subs): Even as a solo pro, you might have shared access to accounts with a virtual assistant or a temporary helper. Review who has access to your QuickBooks, supplier accounts, or social media pages every few months. Remove access as soon as someone stops working with you.
RECOMMENDED TOOLS
1Password Business
Password management + breach alerts for teams
Bitwarden
Free password manager — no device or password limit
Backblaze
Automatic computer backup for $9/mo
Some links above are affiliate links. We may earn a commission if you sign up — at no extra cost to you.
FREQUENTLY ASKED QUESTIONS
Do I need to buy cybersecurity insurance?
Cyber insurance is worth considering once you handle customer payment data, store significant customer personal information, or your business operations are heavily dependent on digital systems. For a simple service business with minimal data, your time is better spent on prevention. For any business handling healthcare, financial, or legal data, cyber insurance is essential.
What is the most common way small businesses get hacked?
Phishing emails that trick employees or owners into revealing credentials. Business email compromise (BEC) — where an attacker impersonates a vendor or executive to redirect payments — is particularly damaging and increasingly common. Both are primarily prevented by 2FA and training, not software.
How would I know if I had been hacked?
Common signs: unusual account activity, colleagues receiving emails you did not send, unexpected password reset requests, unfamiliar logins in your account activity log, unexplained charges. Run a breach check at haveibeenpwned.com for your business email addresses.
Apply This in Your Checklist