Data breaches and cyber-attacks have been increasing at an alarming rate both in volume and in size. The targets for these attacks have also evolved and according to Construction Dive, construction companies are increasingly being targeted for their floor plans, security system designs and server locations. Additionally bids, customer lists, contracts, and customers’ and employees’ confidential information, such as billing and payroll is also targeted and subsequently lost through data corruption and cyber ransom.
Although you don’t normally hear about construction company security breaches in the headlines, but rather hear about large, high-profile breaches, such as the Target security breach of 2013 which cost Target $148 million and the banking institutions an additional $200 million, construction company breaches can be just as devastating to the company due to their size. Jay Shelton, writer for Construction Business Owner, said these security breaches are substantial enough to put a small to medium sized construction company out of business as critical data is lost.
What has increased the risk for construction companies to become targets? Constructor Magazine believes it is due to the type of competitive projects these companies aim to deliver, which are highly dependent on many forms of technology to complete and require close working relationships with vendors, subcontractors and clients. The data is shared and stored on multiple servers, making it more difficult to ensure security.
In 2014, there were over 117,000 cyber-attacks per day, which was up almost 50 percent from the previous year. If a computer is being used at the business, there is a risk involved, and if your company becomes a target and security is breached, it could cost the company almost $750,000, according to a report by Kaspersky Lab.
To lessen the risk of a cyber-attack or security breach, Business to Community suggests the following steps:
- Create an internal policy: Studies have found that the front door to a cyber-attack is opened 90 percent of the time by employees of the company. At the time, they are unaware, but the majority of hackers can retrieve data just by an employee clicking on a fake link that breaks down the security codes.
- Learn from the past: Look into past companies that have already experienced a cyber-attack and see if there were particular measures taken that could relate to your company.
- Keep all systems updated: Multiple notifications come through during the year asking for computers to be updated to the most recent version. The easiest piece of advice given is to always update your systems.
- Use cloud services: For small and large companies, cloud services are worth the monthly subscription. The cloud takes the form of a security expert and can backup all your data.
- Create unique passwords and change them often: When creating logins for your software, be sure to make up passwords that have no relation to you or your company. Those will be the first to be tested out.
Additionally, increasing employee awareness, hiring a security expert and knowing what not to do also make the Business to Community list. Be sure to review the full list and remember that just because you own a small company does not mean it won’t be a target for cyber-attacks. Small businesses are targeted more and more because hackers assume they have not implemented the necessary security measures.