CHICAGO — According to the Allianz Risk Barometer for 2025, cybersecurity risk remained the top business concern in the United States and worldwide over the past year.
The types of “cyberattacks” in businesses include ransomware, data breaches and IT (information technology) disruptions.
As laundry equipment and technology become more digital with internet access and cloud-based applications, industrial and institutional operators should be aware of the possibility of cyberattacks and how to defend against them.
INDUSTRY VULNERABILITY
Anupam Swami is senior IT director for Prudential Overall Supply in Irvine, California. She says that industrial laundries are just as susceptible to cyberattacks as any other sector, particularly as they increasingly adopt connected systems and cloud-based applications.
“Many operators underestimate their risk because the industry isn’t seen as a high-profile target,” Swami shares. “However, cybercriminals often exploit this false sense of security, targeting industries with weaker cybersecurity postures. Any organization handling digital operations, customer data or supply-chain logistics can be compromised if not adequately protected.”
She says the most vulnerable points of an industrial laundry operation for cyberattacks include email systems, internet-connected equipment, and externally facing applications like portals, vendor platforms, and cloud software.
“These interfaces are common vectors for phishing, ransomware and credential-stuffing attacks,” says Swami. “As laundries digitize operations — including inventory management, equipment control and customer transactions — their cybersecurity is only as strong as the weakest link in their software stack and network configuration.”
Steve Levenkron is vice president of information technology for PureStar, a commercial laundry hospitality laundry company. It has 13 regional brands with 36 facilities across three countries and in 22 major U.S. markets.
His answer to how vulnerable to cyberattacks are industrial laundry operations is … “it depends.”
“With the data we have, we’re not exactly a target,” says Levenkron. “When you think about it, we don’t have that much data, so in and of ourselves, we’re not targets. However, (hackers) could, in some unique cases, use us as a jumping-off point to get to our clients, which are much larger. But for us, I’d say it’s minimal exposure. We process laundry. It’s industrial manufacturing. It’s not really a B2B or highly transactional business.”
Levenkron shares that smaller laundry operations may be more vulnerable than larger companies because they aren’t always aware of the risks.
“Things are becoming more digital, not so much in the laundry — and there’s only so much modernization you could do to industrial washers — but there are systems that control those washers,” he says. “There are interfaces to them, and for those to be secure, you need to segregate them properly.
“As an example, let’s say there’s a (personal computer) that controls a wash tunnel. First things first, does it even need to get to the internet, does it need to talk to anything else? If not, great. The PC is connected to the wash tunnel, but it’s not talking to anything else. You can’t get to it from the outside, and even if you could, you can’t get anywhere else.
“If for some reason that needed to be connected to the internet for support from the vendor, etc., if you segregated it from the rest of your network, the most a hacker can get is figure out how much soap suds you’re putting in. There’s just nowhere for them to go.”
Levenkron points out that, often, small companies don’t take such measures.
“They have one flat network,” he shares. “They don’t understand about setting up separate — they’re called VLANs — virtual networks, separating the equipment, because most of the equipment doesn’t need to talk to each other. It may need to get to the internet for vendors to support it, etc., but there’s no proprietary data in the new systems. It’s really industrial equipment, and as long as the network is set up and segregated, that’s really the way that you protect yourself.
“So, limit access to the internet and segregate the systems to separate virtual networks as much as possible. The risk is that some of this equipment, some of the operating systems they use, are old and may not be the most secure, but as long as you’re isolating them, you’ve isolated the risk.”
For companies like PureStar, mergers and acquisitions (M&A) can open areas of cyberattack vulnerabilities.
“As we acquire companies, and you see it in M&A where they have one big, flat network, they have these outdated machines, not patched, talking to the equipment,” he says. “Literally, there is no segregation, and they’re connected to the internet, open, so someone can use a vulnerability and then traverse the network to get anywhere. That’s how they’re vulnerable.”
The other area of risk, Levenkron says, comes from a scenario where a company takes over the management of a customer’s facility that’s on-premises at one of their locations.
“That’s where you could have connectivity to the customer’s network, and you just make sure you’re completely segregated,” he shares. “One, the equipment you’re managing has that same segregation from each other, and two, you want to make it clear, the customer’s granting you, in many cases, internet access. You have to be clear that it’s their responsibility to firewall that off.”
Check back Thursday to learn what data hackers could access, how they could disrupt a laundry business, and the importance of employee education.
Have a question or comment? E-mail our editor Matt Poe at [email protected].
