Small to midsize businesses might assume hackers won’t bother with them. But construction companies of any size are indeed a prime target for cybercriminals.
In fact, construction was the top industry hit by ransomware attacks between 2020 and 2021, according to a report by NordLocker. The encryption software firm analyzed 1,200 companies across 35 industries that have fallen victim to ransomware.
More recently, U.S. government officials and cybersecurity experts have warned about a potential increase in cyberattacks originating from Russia following the country’s invasion of Ukraine. Smaller companies with limited IT resources are especially vulnerable. Here are six ways to fortify your cybersecurity defenses:
1. Conduct regular cyber risk assessments. Evaluate your systems to ascertain the types of data your staff generates and processes and where it’s stored. From there, you can implement the latest protective steps. Because technology changes rapidly — as does the sophistication of cyberattacks — follow these procedures at least annually.
2. Educate employees. Ensure every staff member knows how to properly use technology, handle confidential information and report cyberthreats. Provide targeted training on dangers such as phishing, malware (emails or other messages with suspicious links or attachments) and ransomware. Cybersecurity training should also occur as part of new-hire onboarding, whenever a new device is issued and at least annually as a refresher.
3. Use multifactor authentication. Every device, system and app should be password-protected to prevent unauthorized access. However, the latest standard is to require multiple credentials, such as a password and a numerical code, to add another layer of security. Many insurers are enforcing this standard by requiring it for cybersecurity insurance. If your construction company’s employees use personal devices at work, instruct them to use multifactor authentication as well.
4. Keep software updated. As updates and patches are released, be sure they’re immediately downloaded onto your construction business’s systems and devices. And, again, if your workers use personal phones or other devices on the job, train and remind them to check for and download updates as soon as they become available.
5. Erase hard drives before disposal. Laptops, mobile devices, tablets, and even some printers and copy machines hold sensitive data and must be fully wiped before disposal. The same goes for leased equipment before returning it.
6. Look into cybersecurity insurance. This coverage is designed to mitigate losses from a variety of incidents, including data breaches, business interruption and network damage. At minimum, a policy should cover liability for data breaches involving sensitive customer information, such as credit card numbers and driver’s license numbers. Like any type of insurance, cybersecurity coverage should be purchased only after careful due diligence and within a sensible budget.
The content featured in this article originates from our bi-monthly Contractor Newsletter. Subscribe below and stay in the know.