It’s not a new problem to need to share information safely and securely across an integrated supply chain like we have in Construction. It’s not even new that we’re doing this with email and file sharing software to move at a faster pace each day. The problem is that Construction is a huge target because of the daily need to share files from dozens of different platforms, which makes user awareness training nearly impossible.
When I joined McKenney’s I focused on two things: automation and cyber security. The biggest component of cyber security was to improve internet browser security through the latest in Chrome plus ad blockers. Combine that with improved email security and one minimizes the way that bad things make it into a company.
Cisco, a leading network vendor, stated that criminals stole over $5.3 billion between October 2013 and December 2016. Additionally, at the end of 2017, according to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses”. According to Cisco’s 2017 Annual Security Report, spam now accounts for nearly two-thirds (65 percent) of total email volume and continues to grow. Yes, for every legitimate email we receive, there should have been 2 spam emails in our inbox. If you only receive 1 spam email for every 50 legitimate emails, then your technology department is actually preventing 99 spam emails. Furthermore, according to Cisco threat researchers, only about 9 percent of total global spam observed in 2016 could be classified as malicious, but that number continues to rise as well. Since the construction industry relies so heavily on file transfers and communication between multiple companies in an integrated supply chain, it has a real problem.
So, what can your company do?
In prior blogs, I’ve talked about the Phishing training that we’ve done to address the growing problem of Business Email Compromise (BEC). The simplest and most cost-effective approach is to train all employees to ‘hover over’ hyperlinks (aka URLs). When everyone in a company knows to hover, they will quickly see that emails that appear to be legitimate actually point to either criminal web pages or hacked websites. Either way, it is very clear once someone hovers over a link that an email is inappropriate. Once employees have clear and concise communication, the best tool to reinforce this communication is a phishing simulator, such as those from Wombat, GoPhish or KnowBe4. If you’d like more options, simply search “Phishing simulators” for providers of tools that will allow you to send out tests to your employees. You’ll receive reports on which employees clicked on links, opened attachments and generally need more training.
Okay, so things didn’t work out as planned and someone clicked a link and entered his or her network password. By now every construction company has dealt with this. You contact your technology department, turn off the employee’s account and then send emails to all of your partners, suppliers and customers that received the inappropriate email from your employee’s email. To prevent this form of BEC, ask your technology department to turn on multi-factor authentication. In prior blogs, I’ve written about how effective this is at preventing loss of an account.
If you follow these recommendations, as an industry we should be able to get ahead of the criminals and get back to focusing on this current construction boom.