The #1 Reason Your Construction Company May Be Hacked This Year
According to the 2018 Maryland Construction Industry Survey, only two out of ten contractors said their computer system had been hacked, infiltrated by a virus or otherwise compromised during the last year. That’s good news, right? We’re not so sure.
The more meaningful statistic might be that eight out of ten contractors say they haven’t been hacked. But how do they know? The fact is, they might have been hacked, but they just don’t know it yet. One survey on cyber security trends indicated that hackers dwell on a network for an average of 40 days before being discovered. How scary is that?
You may think that threats come from evil hacker masterminds lurking in dark corners of the internet to exploit your confidential information. If this is you, be prepared to be shocked. The real threat to your construction company’s sensitive data is you and your employees.
Why Would You Let A Hacker In?
The reason so many employees are letting hackers in is completely innocent. Employees (and their employers) think they know how to avoid spam emails or bad sites, but hackers are getting more strategic. If you don’t know what to look for, you could be a victim of a hack without even knowing about it. All it takes is one click on a suspicious email.
Hackers don’t discriminate either. Whether you’re a CEO, field manager, or temporary worker, you’re a risk to your organization’s network security. That’s because a hacker only needs to get into a single computer system to gain access to loads of information.
Don’t believe us? A recent study from IBM found that 28% of all hacks worldwide are due to human error or negligence. Considering that there are an estimated 300 million hacking attempts per day, that’s a lot of hacks that could be avoided.
Hackers have a few trademark methods of getting to you. Understanding them is the first step to preventing an infiltration or ransomware attack.
The Hacker’s Playbook
There are several ways malicious entities can get into your construction company’s system. Here are the most notable ones:
Phishing scams are getting increasingly difficult to spot. Phishers will create email offers, like this one for free pizza, and ask the user to click on a link in order to get the offer. Once you click the link, the scammer will upload malicious software to your computer or steal your credentials.
Spear phishing scams are more personalized than phishing scams. It’s the same concept, but spear-phishers will send emails that appear to come from the contacts in your inbox. This way, it’s easy to fool the email recipient into thinking that the sender is trusted.
Untrustworthy websites with links to spam can entice some click-happy employees. Spam websites can trigger malware downloads or nasty viruses. Unfortunately, antivirus doesn’t always protect you either. We always tell people to check the URL of the website. If it starts with http rather than https, then think twice before clicking. Keep in mind that https only means the connection is encrypted, so also check that the domain name is the one you expect.
Malicious users (a.k.a. “criminal insiders”) will voluntarily leak information about your company to hackers on the dark web. The first response many organizations have to this is, “I trust my employees” or “my people wouldn’t do that to me.” According to IBM’s survey, 47% of hacks were due to malicious users. We’re not saying every employee is bad, but this does mean that you should be protecting yourself from an insider leak.
How Can You Protect Yourself, And Your Construction Business?
The best way to keep your network secure is to educate yourself on security best practices. Here are a few to keep you out of a hacker’s line of fire:
Stay educated on the latest threats. Widespread threats can be mitigated by staying informed. Hackers know that you’re monitoring your email for specific topics. They’ll use relevant topics to get your click. Here’s an example of how scammers get creative during tax season.
Keep your user permissions conservative and updated. Make sure that your employees only have access to the information that they need. Putting too much information in the wrong hands can be catastrophic to your construction company’s security.
Train employees on safe browsing habits. Our IT specialists have shared some uncomfortable stories about what they’ve found on clients’ browser history. Send out a quick memo, or go through a training session with your employees so they know what’s safe and appropriate to search on your work computer and what is not.
Utilize complex passwords and change them every so often. The best practices around how to handle passwords have changed. If you’re using the same one you’ve had for years, that’s a bad idea. However, it’s no longer recommended to change them too often. They should be more complex than Password1, but not so complex that you can’t remember them.
Frequently back up your data. If malware gets ahold of your system, it’s a smaller issue if your backups are up to date. If you haven’t checked on your backup in months, or you don’t even know if your UPS system is working, you need to chat with your IT provider ASAP.
Talk to your IT support group. If you already work with a managed services provider, you should have nothing to worry about. If not, your local IT group will be happy to talk to you about security best practices and recommend solutions that will keep your construction company secure.
For many construction owners, it’s not a matter of if you’ll get hacked, but when. Contact our team here or call 410.685.5512 to pinpoint where a hacker can get into your network, and find out how to prevent it.
About Bill Walter
Bill, our lead networking guru, loves showing clients how technology can be worked into their existing processes to improve efficiency. His expertise includes high-level planning for internal and external networks, research and selection of hardware and software products, and hands-on installation and configuration of networks. Normally a pretty easygoing guy, Bill thinks there should be a law against wearing a Bluetooth headset when it’s not in use.