Today's Guest Article Is From Justin Havre
The construction industry has long been a target of criminal activity. The theft of tools, equipment, and supplies is an issue both large and small companies need to deal with in some way. Many construction companies have responded with greater on-site and perimeter security, equipment tracking devices, video cameras and more. But what can these businesses do when the target of criminal activity isn't the physical job site?
Like other industries, construction companies are now facing the increasing threat of cybercrime. Why are construction companies being targeted? Why are some companies more vulnerable than others? The following information can help shed some light on these issues, give examples of cybersecurity threats, and outline the steps that can be taken to make a construction company more secure.
Why Construction Companies are a target for cybercriminals
It may be easy to see why retailers and financial services companies may be the target of cybercrime, but why construction companies? Construction companies, even smaller ones, deal with large purchases and financial transfers on a regular basis. Today, many of these purchases and transfers are conducted digitally. Construction companies deal with multiple suppliers and many different individuals and representatives. Many such relationships are often relatively temporary and short-term. Cyber-criminals know that — with so many transfers, such large amounts of money at stake, and less personalized transactions — construction companies may be laxer in verifying who they are dealing with.
Contractors may not fully appreciate how much data they have access to and how valuable that data is. Company servers and computers may hold information involving project bids, proprietary designs, profit-loss statements, financial records, and personal employee information. In addition, they may have sensitive data regarding past or current projects and clients.
Additionally, there are a number of small construction business owners who are relatively easy targets for cybercrime. They may lack the resources for a full-time IT person and may not view themselves as a potential target. The right data in the wrong hands, however, can pay big dividends for cybercriminals and huge headaches for construction companies, no matter their size.
Reasons for vulnerabilities
There are reasons why cybercriminals may find construction companies vulnerable. First, contractors frequently operate out of temporary on-site trailers with less secure networks than they may have at their home offices.
Some companies have a "bring your own device" (BYOD) policy, allowing staff to use their own laptops, tablets, and smartphones while accessing their network and data. This can create a host of problems from devices that may already contain spyware or malware.
The nature of the business requires data and networks to be accessed by a number of people of differing disciplines. There are designers and architects, clients, suppliers, and construction staff that may have some level of access. This too can add to the challenges of maintaining data integrity. A high turnover rate internally can make security more problematic as well, as some employees may unknowingly take a "bug" from one company to another.
Examples of Cybersecurity Threats to Construction Companies
Digital crime threats to contractors generally fall into one of two broad categories. The theft of data can result in financial loss or identity theft. Valuable files, data, and drawings that are stolen can be held for ransom.
Cybercriminals will use a variety of tactics to accomplish their mission. Common practices include:
- Phishing – Phishing is using malicious emails in an attempt to get the user to click on a link or inadvertently download a malware program. These emails and links are often cleverly disguised to appear to be legitimate.
- Malware and Viruses – These are programs intended to be downloaded to a computer or network, often by clicking on a link and downloading/executing a file. These programs may be simply destructive or used with the intent of extorting money from the victim.
- Ransomware – These programs are designed to lock up certain systems or files of your computer or network until a ransom has been paid to the cybercriminals.
- Password Hacking – Criminals will often use programs to make multiple attempts to determine passwords, trying different combinations until successful.
Steps to becoming more secure:
There are some basic steps that construction companies can and should take to better protect themselves.
- Firewalls – Companies should protect their networks from unauthorized access through a firewall. A firewall serves as a barrier, and can also be used to limit access to certain files and potentially dangerous websites.
- Use Secure On-Site Wi-Fi – It can be well worth the time and effort to set up your own password-protected Wi-Fi connection on a job site. Sharing a network can make your data much less secure.
- Install Email Threat Detection – This notifies users that an email contains potentially dangerous malware or has the characteristics of a phishing attempt.
- Training – Perhaps the most important step in preventing cybercrime in construction is keeping those who have access to networks properly trained and aware of potential threats. All of the security measures in the world won't make a difference if someone simply gives away a password or opens a malicious file. If there are any doubts as to the identity of an email sender, verify with a phone call. Never click on links users may be unsure of. Increase the difficulty of passwords, using upper and lower case letters, numbers and symbols.
Cybercrime can be costly and cause delays. Construction companies have a responsibility to themselves, their clients and their employees to ensure data is secure. Taking a few simple steps can greatly increase company security and peace of mind.
About The Author:
Justin Havre is the team leader and owner of Justin Havre & Associates. As criminal activities like wire fraud have increasingly targeted real estate and other industries alike, Justin likes to educate others on how they can keep their businesses and their clients safe.
Recommended Reading: Like this post? Check our past blog posts related to this topic.
Access Code: FEAHEROS
Simply scan the QR code or search for ‘MyAccountants’ in the App Store and enter the Access code: FEAHEROS to utilize the powerful App features and capabilities, and benefit from having our Construction Accounting App at your fingertips, 24/7."
PS: Even if you are not a Construction Contractor you will find a plenty of benefits in the app so we invite you to download it too! It's Free so why not?