Ransomware targeting construction firms
Category : Business | Cybersecurity | Posted : Dec 15, 2021
While most medium-size construction operations are deeply reliant on technology, investment remains low compared to other industries. Over the years, we gained insight into some of the common problems with regards to IT that plague the sector, and we have some simple and easy to implement solutions to help navigate these challenges. IT is perceived as a general expense Technology needs to be valued as critical to success. IT can drive operational efficiency, market competitiveness and innovation (drone video of job sites, remote tablets for ERP etc.). Consider how technology can scale your business. Reliance on break-fix IT or an internal employee with little formal training (i.e., Controller / IT Manager aka “the slash”). The break-fix model of IT management is not a sustainable way to run a business. This approach does not include long, medium, or short-term planning or budgeting. If you are managing IT in-house, get an outside perspective. You need to be aware of risks of any size. An outside perspective can come in the form of a third party IT assessment. Break-fix IT management is as it is named: something stops working and the user contacts the IT company or person that they have on call or on staff. Break-fix is a putting out fires practice that leads to perpetual problems popping up, technical debt, as well as employee churn, poor productivity, and a lack of process. IT is an integral part of almost all businesses and a lack of process results in many business risks including cybersecurity. Minimal employee cybersecurity awareness training It is our recommendation to offer up-to-date cybersecurity training to all office employees. Consider the risks and ask yourself: Here is an interesting perspective. Construction businesses are taking their time getting up to speed with IT. Yet, if you consider that 100 years ago the nail gun, circular saw, and cement mixers didn’t exist. These are important tools to the trade. The advent of these products was considered “technology” when first introduced. IT is no different, this is especially so with construction-specific software, communications, document storing, sharing, and viewing and so much more. The shift: Technology is making the construction industry much more connected The construction industry is now starting to make the shift towards technology and automation due to the rapid growth in communication and document sharing, data and use of the internet on-site. An increasing number of tradespeople are using portable technology out in the field. These technologies are transforming planning, design, construction, operations, and the maintenance of the building process. With good technology investment the impact is positive on outcomes of projects in terms of time, costs, quality of work, and overall productivity. Keeping up with the shift toward digitization is important. Automation to do with robotics, 3D printing and better made tools will propel the haves forward and leave the have-nots behind. Cybersecurity specific to the construction industry Cybersecurity is currently the major concern. Industry research and studies have proven that there continues to be a major under investment in training and dollars directed toward security. Although hardware, software and how one connects to the office or the internet all matter, the primary weakness in cybersecurity is in the ability of the user. There happens to be a long history of under investment in this sector towards technology, and training. Cloud-based email breaches cost the North American construction industry over $2 billion during 2018-2020. Besides password compromises, there are several other tactics that hackers use to infiltrate companies. They include: E-mail phishing. Techniques include email spoofing, where fraudsters pose as trusted email senders asking recipients to click on links enabling them to gain access to data. Domain name impersonation. Attackers purchase a domain name similar in appearance to a company’s or vendors. Changing one letter to a similar number is a favourite go-to practice currently. View email addresses carefully. Name dropping. Bad actors will create email addresses that appear to be a CEO’s personal address, then ask an employee, for instance, to buy gift cards to a given address. Unauthorized access. Hackers gain unauthorized access to a company or vendor email and use the compromised legitimate mailbox to send email messages. The hacker is in control of the outgoing messages being sent. This happens all the time and can be costly. Password guessing. Hackers possess tools to guess passwords. Hackers know and try common passwords like Superman123. Remember the Ashley Madison hack several years ago? The top passwords were, Superman, Superman123 and the top-three were, “123456,” “12345,” and “password.” Many of the hacks and breaches have originated from users not being vigilant with passwords, clicking on bad email messages or careless connectivity when out in the field.
Custom GPTs: Revolutionizing Operations for SMB’s
In today’s fast-paced digital economy, small and medium-sized businesses (SMBs) are constantly seeking innovative solutions…
Learn To Utilize AI Safely And Effectively
Utilizing artificial intelligence (AI) can significantly boost your team’s efficiency, creativity, and output. However, adopting…