Every sector and industry faces cyber threats, but some—such as the construction industry—are less prepared to handle (and are much less aware of) these threats than others. Here are three cyber threats every construction firm should be aware of.
Phishing occurs when a cybercriminal sends an organization’s employee(s) a deceptive email seeking to trick the recipient(s) into providing the cybercriminal with sensitive information. For example, a cybercriminal may send the an employee an email pretending to be the organization’s information technology provider and asking the employee to enter his or her credentials to confirm his or her identity as part of a routine cybersecurity screening. The unwitting—but well meaning—employee complies with the cybercriminal’s request and enters his or her credentials, thus giving the cybercriminal full access to the employee’s email account—and Social Security numbers, financial account information, and other sensitive information that the email account contains.
Ransomware attacks occur when a cybercriminal deploys malware to encrypt a victim’s servers and/or computers and thereby restricts the victim’s ability to access his or her files. The cybercriminal demands a negotiable ransom, typically to be paid in Bitcoin or another cryptocurrency, for the files’ safe return.
Malicious Coding Injections
Cybercriminals often inject malicious codes into webpages. This coding allows cybercriminals to obtain credit or debit card information as it is entered into online payment portals by unsuspecting customers. Cybercriminals later use that information to defraud the credit or debit card owners.
What do these threats mean for construction firms? Liability. Cyber threats and accompanying data loss can expose any organization to privacy law compliance obligations, litigation, and regulatory investigations.
And what’s a construction firm to do given these cyber liabilities? Be aware of these and other cyber threats and be proactive by employing simple tips such as investing in cyber liability insurance to minimize risk.
Attorneys from McDonald Hopkins’ Construction Practice Group and Data Privacy and Cybersecurity Practice Group are available to counsel construction firms on these and other emerging cyber threats. Contact the attorneys below with questions.