Why Construction Companies Should Educate Employees About Cybersecurity

The construction industry is not immune to cyberattacks. Why cybersecurity is important and what your construction firm can do about it.

March 15, 2021
David Lukić
Why Construction Companies Should Educate its Employees About Cybersecurity
Adobe Stock Images | By sveta

During these turbulent times, every company should be concerned about cybersecurity. One of the best ways to ensure your safety and that of your staff is educating your employees about cybersecurity dangers and best practices. A lot of businesses do not think they need to be worried about hackers and cybersecurity. Unfortunately, the construction industry has a reputation for lagging behind in terms of security and education regarding current threats. Skip forward and read about real-life examples where hackers targeted construction companies.

The average cost of a data breach in 2020 was $150 million.

Construction companies hold a lot of valuable information that hackers would love to get their hands on. A data breach could mean losing customers, destruction of your reputation, and even financial ruin. Most companies could not afford to take that chance.

Examples of the valuable data that scammers may target:

  • Employee information, including social security numbers or bank details for direct deposit
  • Big data
  • Material pricing
  • Company financials (profit/loss)
  • Designs or blueprints
  • Bank records and other financial reports
  • Sensitive or confidential information for private contracts (government installations, etc.)

No industry is immune to cyberattacks, including the construction industry. According to data breach statistics from BigCommerce, the average cost of a data breach in 2020 was $150 million. Can your construction company sustain a loss of that magnitude?

Some other statistics of data breaches from Rival Security include:

  • Your chance of a data breach is roughly 27%.
  • 84% of companies lack IT security.
  • Every 39 seconds, there is another attack.
  • In 2019, there were 1,473 cyberattacks.
  • The U.S. is the most targeted county.

How Can Hackers/Fraudsters Target Your Company?

There are various types of methods that hackers use to target and execute fraud upon your company. Some of those include:

DDoS Attacks. Cybercriminals can use Distributed Denial of Service (DDoS) attacks to disrupt your operations and crash your server or network. These types of attacks could also present vulnerabilities, so hackers could install malware or ransomware and take control of your technology.

Third-Party Vulnerabilities. Often, scammers get in through a backdoor by exploiting third-party vulnerabilities such as weak passwords, unsecured hardware, apps, or connected cloud services.

The more your entire company takes responsibility for keeping things safe, the better. 

Phishing. Most data breaches occur through phishing campaigns. Phishing is when fraudsters send legitimate-looking emails to a company's employees, tricking them into installing malicious software on their device or giving out personal information like logins. A good example would be hackers sending an employee an email that looks like it came from the HR department asking to confirm their social security number. The employee enters the information and hits send without ever wondering if it was legitimate. 93% of all data breaches were due to phishing scams.

Malware or Ransomware. Another dire threat to construction firms is malware and ransomware. Malicious software can do everything from copy or lock your data, change security settings, add you to a malicious network, consume resources, and even remote control your systems.

Spoofed Email or Websites. Fake websites and email addresses are another way scammers get into your network.

Social Engineering. Either through fake ads or building trust another way, cybercriminals use social engineering to extract valuable personal data or logins.


Real-Life Examples Where Hackers Targeted Construction Companies

A major federal and provincial construction firm in Canada, Bird Construction, was breached last year, and the attack included ransomware. Although they recovered quickly, the government noticed that the company handled many government-sponsored construction projects. When a data breach occurs, many connected customers or vendors may suffer.

According to ConstructConnect, Turner Construction incurred a data breach when an employee sent W2 information to a fraudulent email address. The hackers had spoofed the email address, and the data stolen were names, addresses, social security numbers, and bank details. That was plenty for identity theft and fraud.

A high-level construction firm Whiting-Turner Contracting also suffered a data breach when a third-party vendor handing their W2s and tax forms were breached. Employees of Whiting-Turner Contracting reported that scammers were filing fraudulent tax returns in their names.

Four other notable construction vendors, Central Concrete Supply Company out of California, Century Fence out of Wisconsin, Trinity Solar, and Foss Manufacturing, have been hit with similar attacks. In 2016, 100 construction firms lost volumes of data due to data breaches. Since then, that figure has skyrocketed.

What You Can Do to Protect Your Company

When your entire organization from the top down is invested in cybersecurity, your company data will remain safer.

Here are a few ways you can protect yourself and your company.

  • Outline particular hardware and software policies and guidelines. Perhaps you don't allow any external devices to connect to your Wi-Fi network without monitoring software installed.
  • Set rules upon your firewall to block access to malicious websites.
  • Enforce strict password management.
  • Educate your staff about cybersecurity using specialized training, real-life examples, and tests.
  • Stay on top of emerging threats and provide regular updates to your entire team.
  • Create a disaster relief plan and perform mock drills to see how well your team responds.
  • Hire an outside IT firm to perform penetration testing and a security audit.
  • Update software and firmware to ensure the utmost protection. 

Educating yourself and your staff about cybersecurity could reduce your risk of exposure and eliminate attacks. The more your entire company takes responsibility for keeping things safe, the better. For example, if a fraudulent email comes in, an employee will know how to verify the sender's address and check on the information before doing anything. They will also know that it can be dangerous to click links in unsolicited emails because they often lead to malicious websites and software downloads.

With proper training, your staff will know how to spot scams, secure settings on devices to keep things safe. The more your staff knows about how to respond to cybersecurity threats and best practices, the better.

Go over these key points with your employees:

  • How to spot and what to do about phishing emails.
  • What social engineering is and how it works.
  • Never click links in email or text before verifying where they came from.
  • Never download software from untrusted sources.
  • Use strong passwords and never reuse them elsewhere.
  • How to craft strong passwords using a combination of symbols, numbers, and lower and uppercase letters. Use examples to "show" employees.
  • How and why to use two-factor and multi-factor authentication.
  • Keep software and hardware updated with the latest firmware and security patches.
  • Use antivirus software to protect against malware and other intrusions.
  • Never give out personal information to anyone who requests it without verifying who they are and why they need it.

About the author

David Lukić is an information privacy, security, and compliance consultant at IDstrong.com. The passion to make cybersecurity accessible and interesting has led David to share all the knowledge he has.

Related
cybersecurity construction
3 Risks Lurking in Your Construction Accounting Software
March 29, 2022
Cybersecurity
Study: Half of Companies Miss Cybersecurity Threats
September 2, 2021
Digging Deeper Logo 60e5ec2da68a9
How to Reduce Cybersecurity Threats in Construction
August 30, 2021
In Egnyte's study, 28% of all ransomware attacks detected were in the AEC industry -- 2x the number of reported attacks versus the average across all other industries.
Best Practices for Construction to Defend Itself from Ransomware Attacks
August 23, 2021
Recommended
White Cap has also acquired Crimson Steel Supply, LLC (Crimson Steel), a distributor and fabricator of engineered steel rebar and structural steel products serving non-residential and infrastructure end markets.
White Cap Expands Reach in Oklahoma, Oregon
White Cap has acquired Bend Construction - a supplier of struts, fasteners, anchors, and concrete accessories and products - and Crimson Steel - a distributor and fabricator of engineered steel rebar and structural steel products.
April 16, 2024
The Port of Baltimore is used by many of the largest construction machinery manufacturers.
Construction Supply Chain and the Baltimore Bridge Collapse
How much will construction and other supply chains be impacted by the collapse of the Baltimore Bridge and the suspension of traffic through the Port of Baltimore? End users may temporarily face delays and increases.
April 11, 2024
Emerging technologies and advancements including visual intelligence, sensors, Internet of Things (IoT) devices, robotics, immersive collaboration and 3D printing are surging in popularity among contractors and construction professionals.
Construction Trends for 2024
While the industry will continue to go through transformation like many others, those willing to marry the fundamentals of the craft with new technology and sustainable building methods can continue to experience great success in 2024 and beyond.
March 29, 2024
Latest
Deere3
Deere, Purdy Search for Chief Tractor Officer
To apply, candidates must submit a short-form video with their pitch for the position, showing the creativity, humor, and passion they’d bring to the job.
April 16, 2024
White Cap has also acquired Crimson Steel Supply, LLC (Crimson Steel), a distributor and fabricator of engineered steel rebar and structural steel products serving non-residential and infrastructure end markets.
White Cap Expands Reach in Oklahoma, Oregon
White Cap has acquired Bend Construction - a supplier of struts, fasteners, anchors, and concrete accessories and products - and Crimson Steel - a distributor and fabricator of engineered steel rebar and structural steel products.
April 16, 2024
Adobe Stock 226955427
Designing an Effective Hiring Process
Getting the right people on your team is critical to the sustainability of your business. High turnover rates or underperforming team members can have a detrimental impact on your business and profitability.
April 20, 2024
Kemp Tour 2
Club Car Opens UTV Factory in US
Club Car has opened a new factory in the state of Georgia that will be used for producing popular utility task vehicles (UTVs) that are powered electrically.
April 19, 2024
As part of the company's shift in market approach, execs explain the strategy behind the brand's 2020 departure from conventional yellow machine livery to today's Premium Red.
Changing Colors: Yanmar Turns to Red
As part of the company's shift in market approach, execs explain the strategy behind the brand's 2020 departure from conventional yellow machine livery to today's Premium Red.
April 19, 2024
Located in Apodaca, a city in the Monterrey metropolitan area, the site was strategically selected to supply OEM customers with products and services such as tire mounting, sequencing, just-in-time supply and warehousing on a local basis.
OTR to Open Factory in Mexico
Located in Apodaca, a city in the Monterrey metropolitan area, the site was strategically selected to supply OEM customers with products and services such as tire mounting, sequencing, just-in-time supply and warehousing on a local basis.
April 18, 2024
The new facility, focused on high complexity and high variation specialty fifth wheel manufacturing, will include the current SAF-HOLLAND Wylie, Texas operation.
SAF-HOLLAND to Build New Factory in Texas
The new Rowlett facility is the next phase of the SAF-HOLLAND manufacturing optimization and vertical integration strategy to increase capacity output that began with the opening of its Piedras Negras, Coahuila, Mexico plant in August 2023.
April 18, 2024
Volvo Ce Pioneers E Shuttle Service To Cut Transport Emissions 660d7bf383081
Volvo Construction Testing Out Excavator Delivery in France With E-shuttle
The e-shuttle service is designed to reduce emissions during the first transport leg of construction machines from the Volvo CE factory in France.
April 18, 2024
Compared to the strong sales of the same period last year, market demand is softening across the globe, with lower deliveries and order intake in Europe and North America compensated slightly by a stronger performance in Asia.
Volvo CE Reports Slow Q1 Sales, Orders
Overall, order intake for the Volvo brand decreased in line with market development in Europe and North America.
April 17, 2024
Canadian-based tech company Mercator AI has announced it is expanding into the U.S., starting with Texas.
Construction AI Tool Expands to US
Mercator AI, the AI-powered business development tool for commercial general contractors, announced its expansion into Texas.
April 17, 2024
Tenna
Tenna, Boom & Bucket Partner on Integration for Equipment Valuations
The strategic partnership and integration aims to enhance a construction business’ ability to manage the lifecycle of their owned fleet.
April 17, 2024
Preliminary net trailer orders decreased nominally from February to March.
Trailer Orders Down 24% YoY
Industry experts expect truck trailer orders to face a year of transition.
April 17, 2024
Fires. Tornadoes. Water damage. All of these disasters, and other unexpected events, often lead to large property losses that can devastate businesses.
3 Tips for Managing Economic Risks on Construction Projects
While you can’t eliminate risk entirely, you can take steps to help reduce it, avoid it and protect against it.
April 17, 2024
Worker safety is an area where confirmation bias can have the most disastrous effects, exposing workers all types of potential dangers.
Overcoming Confirmation Bias in Construction Project Management
Confirmation bias can be particularly problematic in project and schedule management, where decisions must be based on accurate and comprehensive information.
April 16, 2024
The awards will be presented at the 2024 ASCC Annual Conference scheduled to take place Sept. 18–21.
ASCC Opens Annual International Decorative Concrete Council Awards Program
The Sixteenth Annual International Decorative Concrete Council Awards program for 2024 recognizes and celebrates exceptional decorative concrete projects from around the globe.
April 15, 2024
Specific details regarding the actual price change will be communicated directly to customers by Trelleborg tires representatives in each market.
Trelleborg Tires to Implement Price Increases
Trelleborg tires will increase prices globally by up to 5% across all segments.
April 15, 2024
When a prospective site can be made suitable for building by extending utilities (such as water, electricity or gas lines) or infrastructure (such as paving or rail services), funding may be available to offset these costs.
Jobsite Due Diligence Can Prevent Costly Delays
Good building sites remain on the market. But many of those sites must be made good with early planning and intervention.
April 15, 2024
Progress included the removal of a 156-ton piece of Span 19 outside of the navigational channel, which was hoisted and loaded onto a barge and taken to Sparrows Point, Md., for future disposal.
Baltimore Crews Remove 156-ton Piece of Key Bridge
Progress included the removal of a 156-ton piece of Span 19 outside of the navigational channel, which was hoisted and loaded onto a barge for future disposal. Container removal from Dali has begun.
April 8, 2024
How Home-based Drug Deactivation and Disposal Saves Lives
Opioids in Construction: How Home-based Drug Deactivation & Disposal Saves Lives
Whether used by children or adults, excess medications in the household are a huge threat. Eliminating unused medications should be a top priority. Your employees should know that this is important to you as an employer.
April 8, 2024
Under the federal Occupational Safety and Health Act (OSH Act), employers have a duty to monitor worksites and prevent hazardous conditions from developing. As it does with other major industry sectors, OSHA issues specific regulations targeting the safety risks unique to the construction sector.
What Artificial Intelligence Means for the Construction Workplace
When integrating AI into their business models, construction companies should carefully weigh the costs and benefits of this technology.
April 12, 2024
The concept adaptive reuse is the practice of repurposing abandoned, older structures for a different purpose than what they were originally intended for with the express purpose of extending the building’s life.
Commercial Building Reuse in the Work-From-Home Economy
As the American workplace adapts, the traditional 9-5 will likely continue to become less common. What does that mean for landlocked employers staring down half-empty offices?
April 10, 2024
Customer Service 10860910
Exceptional Customer Service Starts with Confidence
Customers want to know that the employee they are working with is confident and will be able to serve them in a professional manner.
September 17, 2019
James Howe.
Howe Named President of Motion Industries
James F. Howe has been named to the position of president of Motion.
April 8, 2024
Photo Apr 14 2023, 13 34 49
Why Aegis Asphalt Has A Bright Business Future
Out in the Pacific Northwest of the United States, the weather is against you, the time is against you, and in the case of Aegis Asphalt Construction, they've had to start from the literal ground up, growing the business by leaps and bounds.
April 8, 2024