Learn the best practices to thwart common cyberattacks and what to look for in future threats
In part one of this two-part blog series, Viewpoint looked at a real-world example of a data security breach at a construction company, the steps that company took to get through the attack, and what it did to protect itself moving forward. Now, they share some construction cybersecurity best practices and insider tips on what to be on the lookout for.
A recent report by IBM Ponemon found that 74% of organisations do not have a security response plan ready in the case of a cybersecurity attack. This puts companies at a significantly higher risk of falling victim to cyber criminals. The construction industry is #3 on Safety Detective’s list of industries that are currently suffering from the most ransomware attacks. In our recent webinar, ‘Cybersecurity in Construction’, Mike Dooley, Viewpoint’s information security officer, sat down and discussed security best practices that every organisation should consider.
Best practices for construction cybersecurity
Having a plan ready for a potential cybersecurity threat can lower the probability of a successful attack.
Many organisations that have cyber insurance think they are fully protected from a cyberattack. However, this is not the case. Construction organisations need to be doing everything they possibly can to lower the probability of a successful attack.
By planning ahead and investing in proper security, costly business mistakes can be avoided. Here are four things your organisation can do right now to slam the door on cyber criminals:
Stop taking the bait:All it takes is the click of a wrong link or attachment for ransomware to be downloaded to a computer. Make sure to triple check all emails for strange email addresses, URLs or requests. If anything seems fishy, send it to your IT department to have checked. Continuous training: Build and train a company that is constantly thinking about data security. Employees should be looking out for threats as they open every email, visit every website or perform any action on their computing device. Hosting training sessions and showing employees exactly what they should be looking for is a great step towards avoiding cyberattacks. Passphrases not passwords: Breaking employee passwords is one of the most common ways for cyber criminals to access company data. To increase security, it is recommended that employees use an entire phrase when creating a password. Including spaces between a minimum of four words is a great start but to make it even more complicated, try adding in characters, numbers and case-sensitive words. By lengthening and complicating this form of security, hackers will have a much more difficult time getting through Multi-Factor authentication: MFA on high value assets is a must! Enabling this feature on all assets is ideal, but at the least, make sure all high-security logins require employees to verify their identity in more than one way.
When a cybersecurity attack occurs, time is of the essence. Cyber criminals are known for attacking companies more than once, especially when the company was easy to exploit the first time around. Any company that does not have a plan in place is only making the hacker’s job that much easier. Remember that something is always better than nothing.
What’s next for ransomware?
There are multiple topics your organisation should be aware of in 2021.
There are many avenues that criminals must breach to obtain personal and business data, from phishing schemes to wire transfer and invoicing fraud to malware on computing devices. Yet ransomware is one of the most commonly used tactics against businesses.
Here are five ransomware topics to be aware of as you make your way through 2021: