Imagine that one of your office assistants is at the end of their Friday shift. It’s been a long day, and your assistant is nursing a hot cup of coffee while contemplating their weekend plans. Suddenly, they receive an urgent email from you requesting confidential information. Under normal circumstances, your assistant would take a closer look at the email and question its legitimacy. Struggling to focus at the end of the day and buckling under the email’s stern language, your assistant relents, sending confidential information to the recipient. The problem? You didn’t send the email, and an unknown entity now has complete access to your private company data.
The above scenario is becoming increasingly common in the construction industry, and companies of all sizes are at risk of being the target of a cyberattack. In years past, construction companies only had to contend with defect claims, contract and payment disputes, and bond protests. Now, construction companies have to protect themselves on all fronts. In this editorial, a Central FL construction lawyer at Cotney Construction Law discusses cybersecurity threats you should be aware of and how you can protect your company from a data breach.
Cyberattacks Are on the Rise
The 2019 Travelers Business Risk Index paints a concerning picture: cybersecurity is now the number one concern across all businesses. The index reports that the number of breach victims since 2015 has risen drastically:
- Large Businesses: 73 percent increase
- Medium Businesses: 200 percent increase
- Small Businesses: 300 percent increase
Perhaps the most disheartening statistic of all: 54 percent of business executives surveyed “believe it is inevitable that their company will be a victim of a data breach or cyber attack.” Despite these growing fears, many businesses failed to implement basic cyber countermeasures.
What Construction Companies Are Up Against
Hackers are after your company’s most valued information, including classified plans, passwords, and intellectual property (something our Hillsborough County construction lawyers are experienced in defending). Although hackers in movies use a dozen computer screens and a flurry of keystrokes to break into computer systems, hackers in the real world use simple phishing scams that masquerade as legitimate emails. While spelling and grammar mistakes could tip you off to a scam, these emails are becoming increasingly professional-looking, and you must take precautions to protect your company. These aren’t bored high schoolers with a penchant for credit card fraud; they’re professionals who target the very heart of large, vulnerable companies. This is exemplified by the rise in ransomware.
Ransomware is malicious software that is spread through phishing emails or infected websites. Once your computer is infected, ransomware locks you out of your personal files until a ransom is paid. Ransomware is best explained by the Cybersecurity and Infrastructure Security Agency (CISA), a part of the Department of Homeland Security: “Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk … and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.”
Related: How to Protect Trade Secrets
Cover All Your Bases
Preventing data breaches should begin with simple tactics that many businesses, unfortunately, don’t take the time to set up. Contrary to popular belief, adding “1” or “!” to your password doesn’t make it strong. We recommend using multi-factor authentication and a password manager to safeguard your most valuable information. Next, you should backup data on a regular basis and store it both offline and on a separate device. You’ll be far less vulnerable to ransomware when hackers have nothing to leverage.
To mitigate phishing emails, you should enable strong spam filters. However, these will be useless if you don’t account for the human element — everyone makes mistakes, including intelligent, experienced employees. Be sure to train your team to recognize suspicious emails, but you may want to go a step further by investing in employee monitoring software. It may sound unpleasant, but we promise you: every job has that one employee that visits websites they shouldn’t.
Invest in Your Company’s Future
For executives that want to do everything in their power to protect their construction companies, using antivirus software and firewall software is just one example of the good security habits that the CISA recommends. But for protecting intellectual property, trade secrets, and valuable information, your company needs an ally that understands intellectual property law like no other. If you are interested in aggressively defending your company’s intellectual property from would-be thieves, consult an experienced Hillsborough County construction lawyer from Cotney Construction Law.
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.