Cybersecurity: No Better Time Than Now
(June 1, 2021) - Post-pandemic, companies are doing their best to hustle back to work, while also embracing tech at record levels. At first glance, both of these scenarios seem like overall positives. But it’s also a crucial time to remind companies across construction and transport to do everything possible to protect their cyber assets.
To put it into context, malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information – and then demand money to remedy.
The ransomware virus that recently infected Colonial Pipeline in the U.S. – overwhelming its internal computer network and initiating one of the largest disruptions of American critical infrastructure by hackers in history – resulted in a $5 million payout. This is an all-too-common concession that many businesses eventually surrender to in order to salvage operational systems and data as well as keep private intellectual property and related proprietary information.
To put it into perspective, over half a million pieces of malware are detected around the world per day. Currently, there are more than one billion malware programs in circulation around the globe (and growing rapidly). Every minute, four companies around the world fall victim to ransomware attacks. And with the Internet of Things (IoT) rapidly inserting itself into all-things construction and transport, it should be emphasized that three in four infected IoT devices are routers.
An extremely desirable target for hackers, once infected, a router can then spread the infection to the local network – infecting dozens of additional devices and basically handcuffing an entire organization.
Worth the Cost
Fortunately, we’re not completely helpless to prevent cyber-attacks – though it will require an ever-increasing, ever-evolving level of vigilance to stay a step ahead of the cybercrime community.
For starters, train your employees. Experts estimate that 88 percent of data breaches are caused by human error. Employees with little to no background in information security easily succumb to phishing emails, or unknowingly contribute to the distribution of malware. It’s critical to incorporate cybersecurity training with your annual safety training. Make sure to share specific examples, such as tips for handling confidential information, the ways cybercriminals exploit emails through phishing links and the proper process for reporting a suspected cybersecurity incident.
Additionally, keep software up to date. Your organization’s data is at greater risk if you’re using old software and obsolete applications. It's also wise to utilize multi-factor authentication, which adds a layer of security to the login process. One well-known example is the security system used by most banks where a user is required to sign in with a password and a system-generated code that is sent to their mobile phone.
Moreover, a lot of companies don’t dispose of technological assets properly. Laptops, mobile devices or tablets hold valuable company data and must be fully wiped. Even printers and copy machines record data today, so they will need the same treatment. And practice makes perfect: cyber-security plans are as fundamental as fire-safety plans. You must constantly review and practice – even periodically undergoing audits of your cybersecurity environments to ensure adequate coverage.
And it goes without saying in the digital era: get yourself a solid cyber-insurance policy. Many construction or transport outfits, especially smaller ones, believe they don’t have any real cyber risk, and opt for an insurance policy that blends cyber with professional liability insurance.
You don’t want to learn the hard way that the limited coverage offered by these policies is not enough. The good news is, managing your cyber risk will make your organization a more attractive risk to insurers, and an appropriate policy will be more than worth the cost if/when you’ve been compromised.