Cybercriminals are after one thing: money.
To take money out of your organization, all a good hacker needs is an opening – just a sliver of an opening – to your data. As a player in the construction industry, you have more than enough data (and access to cash) to be an appealing target.
Why Are You a Target?
The construction industry has always had to protect itself against physical threats like vandalism and theft, but cyberthreats can be just as damaging. In recent years, hackers have singled out the construction industry as ideal targets for a few specific reasons. First, construction projects are high-dollar ventures where cash moves frequently. The monetary incentive is hard for hackers to ignore. Second, high personnel turnover can be difficult to manage. The high volume of personal and sensitive information that you hold (like social security numbers, names, addresses, and passwords) can be difficult to protect. And third, there is increased use of mobile devices, and wireless devices used to capture various datapoints for real-time analytics. Setting up systems protections at each new building site can be burdensome.
What Hackers Want and How They Get It
To hackers, sensitive and personal data is the same as cash. Your workers’ tax, payroll, and personal information can be sold; your clients’ credit card data can be auctioned to the highest bidder; and the sensitive matters you discuss with your business partners can be used as fodder for blackmail.
Cybercriminals have advanced tricks up their sleeve to get this information.
Money that’s in transit will be tempting. Frequent wire transfers, ACH payments, and online banking dealings will attract hackers.
If simply stealing money isn’t an option, cybercriminals can manipulate your workers into transferring them money or giving them access to your systems. Phishing, pretexting, and baiting are social engineering schemes that cybercriminals will use to coerce your employees.
Good, Old Fashioned Hacking
Sometimes, cybercriminals choose to simply barge their way into your systems. If they can breach your security defenses, they can install Trojan software to take control of your computers, worms that will self-replicate to take over your network, or spyware to monitor future keystrokes.
First things first: perform a risk assessment. If you are aware of your vulnerabilities, you will know how to shore up your defenses.
Once you know your risks, look for the simplest solutions. Often, hackers will move on from your systems if they see that you are actively protecting them; they know that they can find easier targets elsewhere. Some simple fixes are:
- Update systems and patch software regularly
- Employ two-factor authentication
- Require password complexity
- Restrict access to your key systems to only certain workers
- Review administrative privileges regularly
- Provide your employees with cyberattack awareness training
- Purchase cyber insurance
- Get buy-in from all leaders of your organization
Global cybercrime is at an all-time high. According to a study by the Center for Strategic and International Studies, it is estimated to cost businesses up to $600 billion each year. For help in developing an action plan to mitigate your risk, please contact a member of the LaPorte Risk Advisory Services team today.