Steel your company against cybercrime
The attacks happen at a rate of one every 14 seconds.
That’s how frequently cyber criminals launch ransomware attacks on companies and government agencies.
While construction companies are not the prime target of most cyber criminals, it would be foolhardy to assume that your construction company won’t be hit with cyberattacks.
A 2019 report by cybersecurity vendor Symantec stated that one out of 382 emails exchanged within the construction industry in 2018 contained malicious content. Often, that content was an attachment or URL that could deliver malware to the recipient’s computer or mobile device, enabling the sender to gain access to your company’s network where they could steal or corrupt your data or launch a ransomware attack.
“Ransomware attacks are the most common cyberattacks, and they are constantly on the rise,” said Gina Abate, Past Chair of the Board of the Cybersecurity Association and President and CEO of Edwards Performance Solutions.“You can be the next victim… Sadly, these attackers love small and mid-size businesses for two reasons. First, they have weak security controls in place. Second, they are more likely to pay the ransom as compared to larger corporations. Whether you pay the heavy ransom or bear the loss of data, ransomware attacks can put your small or mid-size business out of business.”
And that’s only one type of cyberattack. Hostile actors online perpetrate countless incidents of spear phishing, formjacking, data theft, operational disruption, redirection of funds, social engineering and infiltration of partner networks.
Such infiltrations can give hackers access to your company’s financials, personnel data, project files and proprietary information. Armed with such information, some cyber criminals have arranged for contract payments to be diverted to bank accounts they control. Others have used that infiltration as a gateway to access more valuable targets, such as financial systems. For example, the Target data breach in 2013, which compromised the financial and personal information of 110 million people, happened after cyber criminals stole security credentials from an HVAC contractor, accessed a Target HVAC system and navigated through to the retailer’s corporate network to steal data from its point-of-sale system.
Some cyberattacks are not even financially motivated. Some hackers aim to disrupt operations in power plants, factories, transportation companies or other industrial operations. Growing automation and connectivity of construction equipment – from pavers to cranes – could create further opportunities for attacks.
Protecting your company from cybercrime requires multiple efforts.
EDUCATION: Careless acts by humans open the door to cyberattacks, so companies need to train (and repeatedly retrain) employees in good password protocols, safe internet use, phishing and other common scams.
LOCK DOWN YOUR NETWORK: Inevitably, employees will bring mobile phones, tablets, smart speakers and other digital devices to work. If those devices connect to your company network, they can give hackers a pathway into that network. Stephen Scarbrough, Senior Technical Lead for IntelliGenesis, LLC, recommends companies close their networks to unauthorized devices and replace any desired online services to employees with company-operated, secure services. “If your employees want to stream music, provide them with some sort of corporate streaming service so you can monitor it.”
FIELD OPERATIONS: Safeguard internet connections on your construction sites with equally strong cybersecurity measures and educate field staff about safe usage of laptops, tablets and mobile phones. Using public WiFi to connect to work files or even leaving a company device set to search for local WiFi can give hackers a pathway into your company’s system. Implementing proper cybersecurity takes effort. Most construction companies don’t employ cyber experts, many outsourced IT services don’t fully cover cybersecurity and the nature of cyberattacks keeps changing. So it’s worthwhile to consult with a cybersecurity expert about your company’s operations.