Architecture, Engineering & Construction companies are an irresistible, lucrative, and easy target for hackers, and each day this risk continues to grow.
When Ransomware first appeared, becoming a victim of an attack wasn’t necessarily a death sentence. Many companies had backup and disaster recovery plans that allowed them to restore systems to pre-infection status and get back to work. The companies that didn’t have these systems in place (or whose systems weren’t properly managed and maintained) were forced to pay the ransom.
Ransomware Hackers have become more sophisticated
Most recently, Ransomware hackers have upped their game and now steal information from an infected party before encrypting their data, so even practices with proper backup and disaster recovery systems are now forced to deal with hackers to prevent the exposure of their sensitive data.
The big problem is that once a ransom is paid to ‘de-list’ a company’s data, there is no guarantee that the data will be taken down. If the data is taken down, there is no guarantee that it won’t be kept and used in the future for additional extortion attempts.
Hackers are now proving they have sensitive information by releasing portions of actual stolen data as ‘proof’ to the target medical practice that they mean business, and that they have the data in question.
While you might think these attacks are the result of someone hacking away at your I.T. defenses and finally getting a foothold because of some technical oversight, the vast majority of these attacks come as an email attachment that someone inside your organization then clicks on to initiate the attack.
In fact, the Verizon Data Breach Report indicates that Email was the top malware delivery method at a whopping 95%. This attack vector normally comes with either a Microsoft Office document or a Windows Application as an attachment, and will typically install backdoor command and control software that allows hackers to take a look around and deploy ransomware once they are ready.
Once they gain access to your system, they can take all of your employees’ and clients’ classified information or change the content of documents, which could drastically affect your business.
As if the cost of downtime was not bad enough, it’s the incalculable costs, such as damage to reputation, loss of sensitive and important data, and loss of clients that could prove to be more disastrous for AE&C companies after this kind of disaster.
The fact is that much of this risk and exposure can be mitigated with some simple changes and a common-sense approach to safeguarding your company.
10 Steps to Protect Your Firm:
- Educate your team on cybersecurity best practices and how to identify a risky email (see A Construction Company’s Best Defense Against A Cyber Attack is not What You Would Guess)
- Perform regular software updates in a timely fashion
- Follow best practices for safeguarding data
- Back up your data on a regular basis and test your backup systems
- Conduct a risk assessment by testing your staff and system vulnerabilities
- Learn about and invest in Cyber Liability Insurance for your Firm
- Don’t assume your data is safe just because it’s “in the cloud”
- Utilize two-factor authentication and password complexity requirements
- Create a plan of action to implement in the case that a data breach does take place
- Form a partnership with an IT firm who will handle all aspects of safeguarding your firm

Learn more about how Construction Companies are Prime Targets of BEC and Wire Fraud Attacks.