search
psmj-logo-white.png
A/E/C Pulse Blog

Why Construction Companies Need a Cybersecurity Plan

PSMJ Resources, Inc.
Posted on: 03/20/15
Written by: PSMJ Resources, Inc.
Topics:
Utica1

In 2009, PATCO Construction lost over $588,000 in five days. The loss didn’t come from a construction deal gone south or an embezzling employee. It happened when attackers installed a banking Trojan on a company computer.

The attackers obtained PATCO’s login credentials, password, and the answers to three security questions. They used the information to initiate illegal wire transfers from PATCO’s bank account. The bank recovered less than half of the money, leaving PATCO facing a $345,000 loss and leading to many years of litigation with the bank.

According to research from QBE Insurance Group, only 44 percent of construction companies have a cybersecurity plan, and just 26 percent of construction companies have purchased cybersecurity insurance. It’s time for construction companies — even small ones — to get serious about cybersecurity.

Why Attackers Target Small- and Medium-Sized Businesses

Many construction-business owners assume that cyberattackers have no interest in their companies. After all, they don’t store large amounts of financial information or Social Security numbers, and they’re not part of high-risk industries like finance, health care, and retail. However, as part of an increasing wave of attacks against small- and medium-sized companies, more and more construction businesses are falling victim to cyberattacks. Here are a few reasons that smaller targets appeal to attackers:

  • Weaker security. Few small companies have a strong cyber security postures, and most have no security expertise at the management level. Think about it: Someone who graduates with an MBA specializing in fraud protection isn’t likely going to become a chief information security officer for a small business.

  • Poor data protection. Many small businesses sign up for cloud software that uses poor data encryption. They also transfer their data using poorly protected Wi-Fi networks.

  • Access to clients. Small construction companies often have high-value customers, including Fortune 500 companies and government agencies. Attackers can steal login information from a small business employee and use it to go after a much more valuable target, cleaning out the small company’s bank account along the way.

  • Poor legal protections for commercial bank accounts. Commercial bank accounts don’t have as many legal protections as personal bank accounts. The law holds businesses to higher security standards than individuals.

  • Non-savvy employees. Small companies rarely offer employee training related to creating strong passwords, avoiding phishing emails, and recognizing social engineering attacks. As a result, their employees become easy targets.

Utica2

What Construction Companies Can Do
A small construction office might not have the budget for a major cybersecurity overhaul, but a few simple precautions can protect construction businesses from major losses.

Smart Password Protection
Employees can use one of two methods to create strong but easy-to-remember passwords. One method involves creating a sentence that incorporates upper-case and lower-case letters, numbers, and symbols, such as “I won $1,000 in Las Vegas last summer.” Then, take the first letter or bits of each word to create a strong and memorable password — Iw$1iLVls. Another type of strong password chains together four random but easy-to-remember words — dogenvelopedoctorraisin.

Once their passwords are set, remind your employees to change their passwords often, and remind them how important it is not to share their passwords with anyone else or write passwords on sticky notes and post them around the office.

Utica3

Email, Text Message, and Phone Protection
Even when your employees receive emails or texts containing links to legitimate-looking websites, or they receive seemingly innocuous forwards from their friends, remind them to never click the link that’s provided. Instead, they should open a new browser window and navigate to the website from the browser.

Also, if your employees receive a suspicious or alarming voicemail that sounds like it’s coming from someone important, remind them not to call the number left in the message. Instead, they should contact the government agency or company directly using its publicly available phone number.

Security Software
Installing good but affordable security software, including antivirus for individual computers and out-of-the-box small business network protection, can go a long way toward protecting construction companies. Also, verify whether cloud software offers strong encryption before signing up for an account.

Get Insured
Even small construction businesses should purchase cyberinsurance to protect themselves from lost revenue and litigation. It could save the business from catastrophic losses following a cyberattack.

 

Interested in submitting a guest article to PSMJ? Click here:

Guest Blogging

 
SUBSCRIBE TO BLOG:

Some Related Posts

November 25, 2024

Rebuilding in the Wake of Destruction: A Call to Action for the A/E/C Community

At PSMJ, we understand that our mission extends beyond simply helping our clients and customers achieve success; we are committed to making a positive impact in the broader..

Read More
November 21, 2024

SPY vs. PSMJ16

How is the A/E/C industry doing compared to the overall economy, and how can you apply stock price trends of publicly traded companies to making better strategic decisions for..

Read More
November 21, 2024

M&A Transactions

November 18, 2024 – Meridian, ID – J-U-B Engineers, Inc. is excited to announce their acquisition of Sage Civil Engineering, a highly respected firm serving public and private..

Read More