CYBER CRIME: HOW ARCHITECTS, ENGINEERS AND CONTRACTORS MAY BE AT RISK


April 12, 2017 | BY DANIEL GMELIN


Cyber breaches are big news. Large corporations get hacked with alarming frequency, and hundreds of thousands of consumers are vulnerable. You may not think your architectural, engineering or contracting firm is at risk, but that is simply not the case.

Building information modelling (BIM) and computer-aided design (CAD) are in widespread use. These tools, while they improve efficiency and quality, also increase the risk of a cyber-attack. There have been well-publicised cyber-attacks on solar panel installation contractors, HVAC contractors, manufacturers and retailers of building products, fence contractors, and many other firms across the industry.

Customer information, intellectual property and your firm’s financial information are all at risk. Social engineering and phishing scams can defraud your company of thousands of dollars. Your firm could experience damage to your reputation, business interruption or construction delays, and lawsuits by affected clients.

Small businesses are increasingly at risk.

Large corporations are not the only ones affected. According to international cyber security and anti-virus provider Kaspersky Lab, small businesses faced eight times more ransomware attacks in the third quarter of 2016 than in the same quarter of the previous year. The average cost of a cyber-attack on a small business is $690,000, according to Ponemon Institute. Notably, the National Cyber Security Alliance found that 60 percent of small businesses close their doors within six months of a cyber-attack.

Security essentials.

  • Open-access Wi-Fi networks (those without passwords) are prime targets for scammers. Make sure your network is password-protected.
  • When logging into email or other secure sites, make sure the URL starts with https://. This indicates that the connection to the site is encrypted. A site whose URL starts with http:// (no ‘s’) does not encrypt the connection and is not secure.
  • When you’re using your computer or tablet in a public space, shield your login screen and other sensitive content from prying eyes.
  • Don’t leave your laptop, tablet or phone unattended where someone can grab it and all the data it contains.
  • Disable the automatic check-in feature of your phone. This feature can reveal personal habits and sensitive information.
  • Don’t give strangers without proper credentials access to secure areas in your building.
  • Lock your computer when you leave your office, desk or work station.
  • When you’re sending a confidential document to a colleague or client, encrypt it before you email it. Then email the encryption password in a separate email. This is safer than uploading it to a password-protected cloud sharing app, or mailing a CD.
  • When possible, use a corporate VPN to establish remote connections to business systems.
  • Make sure your firewalls are regularly updated with the latest security patches.

Email security

  • If you receive an unsolicited email, verify its authenticity. Company logos are easily copied by scammers, so don’t assume that a logo means an email is from the company it purports to be from.
  • Reputable companies generally don’t use public email services like Gmail and Yahoo, so emails from these domains should be carefully scrutinized.
  • Beware of requests to supply or “verify” account numbers or sensitive information.
  • Don’t click on links in unsolicited emails. If you think the message is legitimate, go to the company’s website and log in from there.

Social engineering

Social engineering attacks pose a significant threat to data and systems. These are attacks in which scammers trick people into giving them access to sensitive information. Rather than breaking into your network, these scammers will try to get you to hand over the information willingly by making you think they’re someone they’re not.

Here’s what you need to know about these kinds of attacks:

  • Fraudulent communications like phishing emails and smishing (fake SMS or text messages) trick users into clicking on links that can infect their computers with viruses or activate bots that collect sensitive information. Don’t click on a link unless you are absolutely certain the message is legitimate.
  • Social engineers troll social networks to learn personal details about their targets, then use this information to try to hack into the targets’ accounts.
  • Common social engineering tactics include:
    • Strange links in posts
    • Unexpected popups
    • Pirated media with embedded malware
    • Messages offering rewards for contests you did not enter
    • Fake social media profiles, pages or groups
    • Apps or games requesting access to your profile information
  • Social engineering attacks can also happen over the phone, with a caller requesting sensitive data, or in person by a contracted employee trying to gain access to your network.

Mobile device safety

  • Four-digit PINs are relatively easy to break, especially if they are birthdays or anniversaries. Use a six-digit PIN instead. Fingerprint trails can reveal swipe patterns, so use a complex swipe pattern and clean your screen regularly. Alphanumeric passwords and fingerprint IDs are more secure.
  • Back up your device to a computer or cloud service. Use encrypted backup options for added security.
  • Consider an app that wipes the contents of your device if it is ever lost or stolen.
  • Turn off your camera’s geotagging function, as it gives scammers information about your location.
  • Be careful when connecting to Bluetooth with your mobile device as you may be giving those nearby access to your device when you connect.

Insurance

  • Verify that your business liability insurance policy includes coverage for breaches of corporate confidential information.
  • Purchase a policy that affirmatively covers funds stolen from your customers’ bank accounts.
  • Make sure your policy has a limit of at least $2 million in the aggregate for privacy breach costs.
  • If you use a phone app for mobile time tracking, work on system design or installation for smart building, or collect data or stream from drones, you could be putting your company at risk.

Professionals in the construction industry are as susceptible as anyone else to cyber-attacks. Know how to protect yourself and talk to your employees about this growing threat. Taking these precautions will help reduce your risk of becoming a victim of a cyber-attack.


Dan Gmelin is now a VP, Head of Architects and Engineers at Argo Pro. He can be reached at daniel.gmelin@argogroupus.com

© 2017 Construction Information Limited