Your success as a construction firm depends on more than what you build for clients. In addition to providing an ideal service, you also have to be careful to protect your firm from worst case scenarios. IT is a fundamental part of your business, but without effective planning and expert assistance, it’s left vulnerable to a range of threats.
Brainlink’s Raj Goel spoke on this vital topic on June 28 at New York’s infamous Friars Club to members of the construction industry. Talking about how contractors and other firm members can better protect their businesses, Raj provided key insight into developing a reliable cyber defense against modern threats.
The fact is that firms in the construction industry are targeted hundreds of times each day by hackers that are looking for vulnerabilities in their systems, and this isn’t necessary high-level work either. The most exploited vulnerabilities are often the most basic, such as out of date software, default passwords, and untrained employees.
So just what are the key threats to construction industry firms like yours? Raj provided a comprehensive overview:
- Ransomware: You heard about WannaCry, right? What about Peyta or Cryptowall? Ransomware is becoming more and more common every year, and it’s not going to stop anytime soon. That’s why a comprehensive backup solution (onsite and in the cloud) is the best defense.
- Weak Passwords: It sounds basic, but to this day, people continue to use weak passwords – yes, even at your construction firm. You can make it easier for them by implementing two-factor authentication (Duo, Google Authentication, etc.) and a password manager such as Lastpass Enterprise.
- Outdated Systems: Despite warnings from the industry experts and even the developers themselves, some firms continue to run Windows XP, Windows Server 2003, Windows Vista, outdated OSX, Timberline 13.x, etc. The plain truth is that an outdated system is, in most cases, indefensible.
- Outdated Security Practices: It occurs more often that you’d think – old hardware, shared and repeated passwords, or passwords that are essentially left out in the open or stored in Excel, Word or Outlook, etc.
- Lack of Security Reviews: Regular reviews are an expectation when it comes to your taxes, your prostate, and even the condition of your toothbrush – shouldn’t the same logic apply to your technology? Make sure you get your IT systems reviewed at least once every 18 months.
- Too Much Trust: Not too long ago, Target was hacked through their HVAC vendor – instances like this are why it’s so important to treat third-parties carefully. They should only be given the access that they need, even if that means refusing to give them the password to your Wi-Fi when they visit onsite.
- Smart Devices: Despite being “smart”, this new line of technology often makes it easier for the user to be hacked, whether it’s a smart TV, conference room systems, lights system, or otherwise. It’s vitally important to make sure smart technology is quarantined to a separate network.
- Status Quo: This is often the biggest threat to any business, construction or otherwise. Users fail to keep up with hackers because they’re comfortable relying on the way they’ve been doing things for the past three, or five, or ten years.
Does this all sound blown out of proportion? Consider Patco Construction Inc., a Maine-based firm that was infected with a custom-built Zeus Trojan virus and subsequently robbed of nearly $600,000. Eventually, their bank recovered $243,000 but Patco was left with a $345,000 tab, and had to deal with three years of lawsuits before the case settled. Patco was dragged through three years of lawsuits by their bank before the case settled.
“We had hundreds of thousands of dollars in legal fees,” said Patco co-owner Mark Patterson. “So even after we got the $345,000 back, we lost hundreds of thousands.”
So what can you do about it? Keep Raj’s top seven tips in mind when it comes to improving your firm’s security:
- Enable Two-Factor authentication and a Password Manager to mitigate weak passwords and poor password practices.
- Test and improve your Disaster Recovery and Business Continuity plans on a regular basis.
- Keep an eye on your money by enabling real-time alerts on your banking activity. You should be informed whenever something happens with your finances.
- Upgrade your IT so that you’re not outdated or unsupported.
- Insure your business
- Educate your team to recognize hacking schemes, maintain security best practices, and above all else, use common sense!
But that’s only six tips… the seventh? Engage with an experienced, expert partner. Maintaining an optimal condition for your IT environment is often too much for any firm to handle on their own, but as many smart firm owners have realized, there is a better way. Partner with Brainlink today.
Don’t let the latest cybercriminal threats affect your business. Start shoring up your digital defenses and security practices right away by getting in touch with Brainlink at (347) 460-2238 or firstname.lastname@example.org.