6 Minute Read
March 17, 2020
Technology growth has meant that data security has become a higher priority—both in our personal lives and in our businesses. It wasn’t all that long ago that data security was something that most of us took for granted. But technology has opened new doors of opportunity for bad actors to take advantage if proper safeguards aren't in place.
Cybersecurity expert Bryce Austin, principal of TCE Strategy, has provided Trimble Viewpoint customers with a bevy of helpful tips over the years. With Cybersecurity Awareness Month now upon us, let’s take a look at the best cybersecurity tips for contractors from Austin and others.
The new norm of connectivity we have with the world also means more access that nefarious actors have to you and the places you live and work. And if we let our guard down or allow unprotected pathways to unwanted interactions, we run the risk of being taken advantage of.
At its heart, cybersecurity is about risk mitigation. Just like other risks, there’s no way to guarantee a data security event will never happen; all we can do is be well prepared if or when it does. According to Austin, there are three risk responses that businesses can choose to engage in:
These categories are true across most aspects of security—and it’s about being proactive.
“If you can see the freight train coming, it's much easier to get off the tracks than it is to try to put the pieces back together after you get hit,” Austin said.
And for cyber criminals, that freight train is big business. In 2021, the global cost of cybercrime was a staggering $6 trillion—a figure larger than the economies of every country in the world except for the U.S. and China. That figure is expected to grow to $10.5 trillion by 2025, which in terms of monetary cost is larger than that of natural disasters and other black swan economic disruptions like COVID-19 or the Great Recession.
So far this year, some of the world’s biggest companies—Apple, Meta, Samsung, Twitter, Microsoft, and others—have suffered costly and embarrassing breaches, but construction businesses have historically been targets as well. Contractors that rely on heaps of data to facilitate complex construction projects are among the many businesses that can often be targets of cyber criminals. Multiple projects, using many different applications and hundreds, if not thousands of workers entering data can provide plenty of potential doors of opportunity for cyber criminals to knock on. So, how do contractors ensure these doors stay locked?
First and foremost is knowing where to focus. Phishing is a great place to start, because so many aspects of cybersecurity—from breaches to ransomware—begin with phishing. It’s critical that teams and their third party partners understand what to look for.
By far the most widely used, phishing is essentially looking for people or habits that criminals can take advantage of. In these cases, victims might get an email, text or even call alerting them of a reported virus, locked account or other “problem” with a software application or credit card they use.
“Cybersecurity experts might know what phishing is, but do your technology users know?” Austin said. “Do users know it could be text messages? Spam calls pretending to be someone else? Emails? Any user that interacts with technology in the business must be educated about what phishing is, so they know how to prevent it.”
The good news is, there is a common methodology to every breach, a chain of events in which each step is necessary for the hacker to succeed:
Disrupt any of those steps and companies can stop the breach. Or, as Austin says it: “Stop any step, stop any breach. All of these things have to happen in order for a breach to take place. And if you can detect and disrupt any one of these five, you will stop the breach. That’s an important take-home message.”
Ransomware: In this attack, a breach occurs when you or someone at your organization clicks on a link or file in an email, or hackers are able to crack your password. Once they’re in, they unleash a program that essentially hijacks your computer and data until you agree to pay a fee.
Ransomware is one of the primary means cybercriminals use against businesses like construction. When it comes to protecting against ransomware, Austin recommends doing the following:
Of all of these measures, Austin dwells on MFA for VPNs, saying it is imperative: “It’s the closest thing to a silver bullet we have in the cybersecurity industry right now.”
Wire Transfers: Wire transfers are another area that have given thieves access to companies and individuals. And it’s one that has particular interest in construction, where multiple bills, invoices and payments permeate the daily work. In these scams, criminals might send phony invoices or call requesting immediate payment for items in order to avoid default. Once the money is transferred, it’s gone forever (and thieves could have a new back door into your payment processes). Austin strongly recommended a policy where wire transfers are forbidden without a specific phone call being made to someone you are on a first-name basis with to authorize it. No emails—ever to authorize wire transfers or change bank account numbers.
Thankfully, there are solid ways to protect against these threats. Most companies doing legitimate business have safeguards in place to protect its clients from cybersecurity hacks and legions of cybersecurity experts are further helping companies by staying on top of the latest schemes and exposing weaknesses in organizations before the criminals do.
With most businesses moving to the cloud—including leading construction companies—the cyber weaknesses of yesterday have been replaced with stronger security and protective measures that generally make storing of data and working in the cloud safer than with on-premise software, manual processes like pen and paper and hardware that consistently needs updating. These ways of working are actually more vulnerable and perhaps less monitored than they were previously, leaving the door open for older, but proven means of exploitation.
Austin notes that as long as there are strong security measures and proper web-use strategies in place, the cloud can be a huge benefit for companies. Just make sure the software and technology vendors you’re using in the cloud are providing the same levels of high security on their end as well.
So, what are some of the steps contractors can take to maximize their cybersecurity efforts? Here’s a look at some keys:
“In the construction industry, I don’t see as many companies taking advantage of cybersecurity expertise or seeking outside training or help,” Austin said. “I’d like to encourage companies to consider having a cybersecurity coach and a technology coach to be successful in this space because it is a complex, ever-changing landscape.”
The role of IT has expanded significantly over the past few years, as construction technology expands. You’re probably already feeling the pressure to modernize but are too busy managing multiple, disconnected solutions.
Connected, cloud-based construction software suites like Trimble Construction One have some of the latest data security safeguards in place. By hosting contractors’ data and workflows in the cloud—with daily backups, strict access permissioning, strong firewalls, and more—Trimble Viewpoint takes the IT burden off of contractors, allowing them to focus on their real work.