Experiencing a cyber-attack can be devastating for any company, both reputationally and financially, and the statistics demonstrate that there are no signs of these crimes slowing down. 32% of businesses fell victim to a cyber-attack last year and construction firms are no exception to this rule no matter their size. Whilst it is impossible to completely eradicate the possibility of an attack, there are various ways for companies to increase their awareness, bolster their defences and become more prepared, ultimately practising cyber resilience.
Construction businesses in particular are targeted for a multitude of reasons. Firstly, as is the case with many organisations, these firms handle two assets that are desirable to a cyber-criminal: data and money. Whilst these assets are not always as vast as they would be in another industry, they are made more lucrative to criminals because of their accessibility. Construction firms function within a network of connections, including the customers they serve but also the multitude of trades that they work alongside. This means that making high-value payments and transfers is not uncommon practice. Furthermore, having multiple connections to other businesses increases the number of access points for criminals to target; for example, by compromising another company and fraudulently approaching the business. However, the nature of construction as a practical business means that many people are unlikely to see cybersecurity as a worthy investment or be particularly aware of cyber-attacks as an acute threat.
Ultimately, the reality is that without adequate cybersecurity and thorough education, construction firms are at great risk of losing substantial sums of money, which makes cybersecurity a valuable consideration.
One of the biggest cybersecurity threats is phishing, which is essentially receiving deceptive contact from criminals, often by email, with a request for you to do something like click on a link or download an attachment. Whilst some phishing attempts are easy to spot if they are laden with mistakes or asking something outside of your remit, others can be more convincing, and criminals are prepared to go to great lengths to make them believable. This crime relies on social engineering and more sophisticated phishing might include emails from what looks like a colleague, or links to pages that appear familiar. If successful, phishing will often result in malware being installed or your details being recorded, and your account subsequently compromised. Criminals use this method because it allows them to commit a crime through an open door, rather than externally hacking the company’s systems. This tactic is frequently used in attacks, meaning it is important that all staff are educated on what to look out for. For smaller businesses who may not have surplus resources to invest in cybersecurity, this is where the Security Awareness Training offered by the ECRC can be a great option.
What is Security Awareness Training (SAT)?
Security Awareness Training is offered by the ECRC as an affordable way to start an open dialogue amongst your staff about all things cyber-crime. This is delivered by students working as part of the CyberPATH programme. Through CyberPATH, students are trained and monitored by senior ethical hackers to provide a selection of cyber services to businesses, which supports the future cyber talent pipeline and keeps the cost to a minimum.
Training can be issued across either a full or half day and is tailored to the needs of its specific audience. It is designed to be contextually relevant and accessible for all abilities. This could include talking about the most common cyber-crimes committed against firms working in the construction sector, as well as common features of phishing emails and suspicious requests. Thorough training allows the company to increase cyber resilience as a collective and can transform staff from being a vulnerable access point into an effective line of defence against an attack. SAT also educates people on the best practices of staying safe, such as secure passwords and MFA, and teaches them why the way they conduct themselves online matters to keep them safe. Police Cyber Protect officers can also deliver SAT free of charge and offer engaging activities such as an online Cyber Escape Room.
What else can the ECRC do to help?
Signing up as a free member of the ECRC ensures you are supported in making impactive choices to improve your cyber resilience. Our free membership enrols you onto our ‘Little Steps’ programme, a weekly email series delivering informative and proactive steps into your inbox, designed to be succinct and accessible. Our communications also signpost you towards the free resources that exist to support SMEs with their cybersecurity needs, which can be accessed from our website.
Additionally, the ECRC offers a handful of other affordable cyber services, all delivered by CyberPATH students. These include various vulnerability assessments that look at aspects of your organisation’s online presence at different depths. Vulnerability assessments are ideal for those who want clarity on their current cybersecurity position, in terms of existing vulnerabilities and the subsequent steps to manage them. All services are concluded with an accessible report detailing the findings and suggestions on how to manage any concerns that have been identified.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).