There are very few industries that have been around as long as the construction industry. Mankind has been building shelters ever since the stone age. Today the business of building is as far away from those first shelters as we are from our neolithic ancestors. Instead of worrying about how to best arrange stones to keep safe from the elements (and predators), modern contractors have to worry about protecting themselves from entirely different kinds of threats.
A Modern Day Construction Problem: Cyber Threats
On any given day, news of a cyber threat can be found on our Twitter feeds, in our inbox, or on TV. From hackers claiming they’ve breached NSA data to worldwide ransomware attacks to smart TVs being turned into listening devices in our home, cyber attacks keep getting bigger and badder.
No industry is safe from cyber threats, and that includes the construction industry.
If you haven’t taken cyber security seriously, here are 4 threats that you should watch out for in your construction business.
If you got an email message from your bank or another institution that you do business with, would you think twice before clicking on it? Most people don’t which is why phishing scams are so common.
The 2013 hacking of Target was traced back to a small HVAC contractor that provided services to the retail giant. Hackers were able to access Target’s network after hacking the HVAC contractor, and the breach likely initiated as a phishing attack. An employee likely opened what seemed like a legitimate email, opening the virtual door for hackers.
Phishing emails look like legitimate messages from banks, credit card companies, or even Facebook, Google, or Amazon. The email typically directs you to a copycat site where hackers collect your login data, personal data, account info, or even access your contact list.
You can avoid becoming a victim of a phishing scam by looking for red flags in emails, such as strange or misspelled email addresses. If an email sounds urgent and is asking you to take action, reach out to the person or company (via phone or email) and verify its legitimacy before taking action.
Malware, Particularly Ransomware
Malware is a term for “malicious software” which can take the form of spyware, viruses, and ransomware (to name a few). Malware can find its way to your computer when you open an email attachment, click on a link, or download something from a compromised website.
One particularly nasty form of malware is ransomware, a type of malware that can lock up your system and hold your data ransom until you pay to have it removed. Crypto-ransomware encrypts your files and demands a payment to provide the decryption key.
The best protection from malware continues to be the usual advice: be careful about what email attachments you open, be cautious when surfing and stay away from suspicious websites, and install and maintain an updated, quality antivirus program.
Avoid ransomware and other malware attacks by keeping your operating systems, browsers, plug-ins and security software up-to-date.
POS and Mobile Payment Attacks
Do you take credit cards from customers? Hacking attacks against POS (point-of-sale) terminals are still on the rise, despite adoption of EMV (chip) card technology.
Smaller businesses may turn to mobile payment options, such as the Square Reader, which allows you to accept credit and debit card payments from your cell phone or tablet. Mobile card readers and other technological advances in payments, such as mobile wallets, aren’t impervious to attacks.
If you accept credit card payments from customers via traditional POS, mobile card reader, or other method, be sure you’re protecting your customer’s information.
- Always change the default password on your POS system; use a strong password that can’t be guessed.
- Keep POS systems up-to-date.
- Upgrade to an EMV (chip) system, rather than a magnetic stripe reader.
One cyber risk that contractors should look out for is the increased risk of data breach from adopting Building Information Modeling (BIM) and other file sharing initiatives. The digital collaboration and file sharing nature of BIM creates a security risk; hackers could access architectural designs, security system information, financial information, and personal employee information.
Hugh Boyes, cyber security lead at the Institution of Engineering and Technology (IET), told Construction Manager Magazine that all businesses in the construction sector need to start seeing data and information as a physical commodity that needs to be protected. “Companies need to start thinking of information as a major asset. Within the construction industry I would say they haven’t quite got there yet.”
Best Practices to Avoid Cyber Attacks
While not all cyber attacks can be avoided, you can minimize your risk by following some best practices:
- Install security software on company servers and computers that offers real-time protection.
- Keep security software up-to-date.
- Make sure firewalls are enabled and updated.
- Secure the Wi-Fi network at the office and on jobsites. Encrypt the wireless signal and secure the router with a password.
- Regularly backup data with a trusted cloud storage provider.
- Train employees on cyber security policies and practices.
- Add cyber liability protection to your contractor insurance policies in case of a breach.
Hackers are thinking of new and innovative ways to disrupt industries and make a buck faster than new construction homes are selling in California. While there’s no surefire way to prevent all hacks and cyber attacks, being diligent and treating data as a valuable company asset can go far. The last thing you want is to go down in infamy as the contractor whose hack led to the breach of a world-renowned company, or to deliver the news to your customers that you’re responsible for their personal information being stolen. It’s a brand new world full of exciting technology that’s changing the construction industry, and that means the added responsibility of keeping hackers at bay and your data safe.