6 Tips to Help Avoid a Cyber Attack as a Contractor

You might think construction businesses are less susceptible to cyberattacks than other industries. However, construction companies collect a large amount of data that is attractive to cyber criminals, including employee information, client data and intellectual property, specifications, and more. In fact, in a recent survey*, 59% of Architecture, Engineering, and Construction (AEC) firms said they experienced a cybersecurity threat within the last two years, and of those, 70% were general contractors. 

Some causes of data breaches for contractors include lost devices, hacked systems, malicious code (malware), improper disposal of records, and employee (insider) action. Additionally, as more and more networked technology is incorporated into construction equipment, that equipment can be targeted by cyber criminals as well.

To defend against these threats, your data security plan should contain several key components:

Here are six tips to help safeguard your business from a cyberattack:

1. Secure Your Network with a Strong Firewall
   A firewall is one of the most basic yet important defenses against cyber attacks. It monitors and controls incoming and outgoing network traffic, acting as a barrier between your trusted internal network and untrusted external networks, like the internet. Make sure to use advanced firewalls and keep them updated to prevent unauthorized access and protect sensitive information.

2. Encrypt All Sensitive Data
   Contractors often handle sensitive information such as client details, financial data, and project files. Make sure to encrypt all critical data, both when it’s stored and when it’s transmitted. Encryption scrambles the data, making it unreadable to hackers unless they have the decryption key, reducing the risk of a data breach.

3. Train Employees to Recognize Phishing Scams
   One of the most common ways contractors fall victim to a cyberattack is through phishing scams. These attacks involve fraudulent emails that trick recipients into providing access to sensitive information or clicking malicious links. Make sure to educate your employees about the signs of phishing attempts and emphasize the importance of not clicking on suspicious links.

4. Regularly Update Your Software and Systems
   Cybercriminals often exploit vulnerabilities in outdated software to launch cyber attacks. Regularly updating your systems and applying security patches ensures you’re protected from known weaknesses. Keeping your software current significantly reduces the risk of hacking.

5. Implement Multi-Factor Authentication (MFA)
   Passwords alone aren’t enough to protect your business from a cyberattack. By using multi-factor authentication (MFA), you add an extra layer of security, requiring employees to provide two forms of verification. Even if a password is compromised, MFA helps block unauthorized access to your systems and sensitive information.

6. Back Up Your Data Regularly
   In the event of a cyberattack or data breach, having a recent backup of your data can be a lifesaver. Regular backups ensure that your business can recover quickly with minimal disruption. Be sure to store your backups in a secure, off-site location, and encrypt them for added protection against hacking.

Being proactive is always the best defense so your business is not an easy target for hackers. However, in the unfortunate event of a cyber loss, be sure you have cyber insurance in place, which can provide coverage for both first- and third-party claims. 

Learn more about Acuity's cyber insurance coverage options here. 

*https://www.constructiondive.com/news/cyberattacks-contractors-preparation-cybersecurity-hackers/693971/