A cyber loss involving employee and customer information can affect any business, and your construction team is no exception. Malicious cyberattacks could impact project designs, bid data, and security system information involved in architectural proposals. The outcomes of these attacks can result in lost data, theft of personal identifiable information, and—on a larger scale—a business shutdown.
While there are several cyber risks to monitor, ransomware and business email compromise attacks are two of the most common challenges we see contractors faced within our roles at Sentry Insurance. What follows are more details about what these cyberattacks are and how you can protect your business.
Ransomware is a form of malware that encrypts company data on a specific device or across an entire network. An extortion demand is then made by the attacker. To put this issue in perspective, the average demand made by attackers in the second quarter of 2020 was $178,254, per the Coveware Quarterly Ransom Report.
According to a recent report by Sophos titled The State of Ransomware, the most common attack methods include:
- File downloads or malicious links through email (29%)
- Remote attacks on a server (21%)
- Malicious email attachments (16%)
Business Email Compromise
In contrast, business email compromise (BEC) is a form of cybercrime that leverages email methods to trick victims into transferring money or other goods to a perpetrator instead of the intended recipient. The FBI recently indicated that BEC attacks are expected to increase during the COVID-19 pandemic, however they’ll remain a threat to your business long after.
Signs of a BEC attack usually start when a member of your team receives an email that appears to be from your company or one of its partners. In the email, a cybercriminal, posing as a business contact, would indicate an urgent matter that requires an employee to transfer funds to an altered bank account. The account would then divert funds to the criminal instead.
Proactive Safety Measures for Cyberattacks
The growing number of cyber risks may feel daunting, but there are several ways to protect your business from these cybercrimes.
Limit which employees and partners have access to your system, and promptly terminate credentials for ex-employees or subcontractors. Hackers can gain access to third-party information through subcontractor access, like this 2013 data breach through internet-connected HVAC systems.
- Ensure your anti-virus software is updated.
- Encrypt your data and use VPN networks.
- Implement and test a data backup and recovery plan.
- Maintain copies of your sensitive or proprietary data in a separate and secure location, preferably offline or with a trusted cloud solution.
- Invest in an intrusion detection system to monitor signs of malicious activity.
- Conduct regular scans, penetration tests, and vulnerability assessments.
- Train your employees to identify phishing attempts. Test them occasionally to maintain awareness.
- Require a verification process for monetary or confidential information transfer requests.
- Identify the most critical data assets and create a data breach response plan.
The tips above will help prevent and reduce cyber risks, but don’t forget to speak with your business’ local experts and protect your construction business prior to a successful attack. Consider including a cyber liability policy in your strategy to reduce the impacts of an attack, while helping your team recover faster.