From Accessing and Locking your Computer Network to Stealing Private Information, Cyber Hackers are Targeting the Construction Industry

If at any point during the work day you connect to the internet, you and your company are at risk of a cyber- attack that could destroy your business.

In a survey by the Ponemon Institute, it was discovered that 55 percent of small businesses, including contractors, have experienced some sort of recent breach. This number is only set to increase in the years to come.

What Does this Mean for Organizations within the Construction and Contracting world?
Many people are still under the assumption that the construction industry is not at risk for a cyber-attack because cyber criminals are only looking for personal information, such as credit card data, that construction companies do not usually keep on record. This is no longer the case.

In regards to the construction industry, hackers can bring projects crashing to a halt by infiltrating computer networks that hold information that is critical to the company’s operations. Examples of the types of information that are attractive to cyber-attackers include:

  • Blueprints and project plans
  • Trade secrets
  • Employee information including benefits packages
  • Financials and payroll
  • Vendor and third-party data

Previously, members of the construction industry did not believe that a cyber-attack could happen to them. But now it doesn’t matter how valuable their information is for cyber criminals selling on the black market. It now only matters how valuable that information is to the company itself.

What Happens When You Realize You Have Been Attacked By A Cyber Hacker?
You turn on your computer to pull up project details and it turns out your network has been shut down by a cyber-criminal who is now holding your data for a ransom that you cannot and do not want to pay. What happens next? There are a couple of things that can happen:

  • OPTION 1: You pay the ransom. There is no guarantee that this will unlock your information. Additionally, it doesn’t reverse the impact of stolen information. You might have your own data back, but you still have to notify everyone who could have been affected about the details surrounding the attack (it is against the law not to notify those affected in 46 states).
  • OPTION 2: You contact a computer information systems technology expert to unlock or regain your data. Sure, this may work to recover your information. But, it is VERY costly. It may be even more expensive than paying the ransom.

    Rob Coppola, Senior Account Executive & Manager at Lawley Construction Insurance, says “In 2017, we had a client get hacked. A local construction company based in Buffalo, NY, found out that they were shut down by a cyber-criminal when suddenly all of the information on their computers was being held at ransom for $15,000. This situation literally stopped all of their ongoing projects and halted the entire company. Because they did not want to pay the ransom, they ended up having to hire an outside IT specialist. Having the specialist come in was even more expensive than the ransom. They got their information back, but suffered a loss of time and revenue because of the attack. Plus, they had to make all affected parties aware of the attack.”

How Can You Defend Your Company from a Cyber Attack?
There is no way to completely prevent your network from being compromised. There are certain steps you can implement to help amp up your defense.

  • Keep all of your own technology updated. And, check out your third-party vendor’s software as well. From anti-virus programs to computer servers, all technology and software related to your network should be reviewed annually. This ensures all protections are up to date and doing their job to keep your data safe. In 2013, Target was the victim of a cyber-attack. It was later found that Target’s breach could have been prevented if their HVAC contractor hadn’t let their anti-virus software expire.
  • Educate your employees. Most hackers are able to get into your network because of employee/human error. What is human error? A prime example is clicking a link in an email that turns out to be a “phishing scam.” Emails phishing for information are difficult to spot, so it is important to train and educate anyone working or emailing from your network on how to notice malicious phishing schemes.
  • Protect your company with cybersecurity insurance. Because cyber criminals are relentless and are constantly searching for a weak spot in your defense against them, one of the best defense options is to purchase cybersecurity insurance. Having this coverage can help you recover from an attack in many ways, particularly in regards to your finances and reputation. At Lawley, we have a team of insurance professionals who know how cybersecurity insurance specifically affects the construction industry. By putting coverage in place you can protect your data, projects and reputation.

Don’t let your company collapse because of a cyber-attack. Put a proactive plan in place to keep you and your assets protected. If you need help, give the team at Lawley a call. Our construction and cyber security professionals know your business inside and out, so we can protect you from every attack, cyber or not. We’ve been able to help clients bolster their defenses and guide them through what needs to happen after a cyber-attack has occurred.