Building a Strong Cyber Defense
Cybersecurity Measures for Everyone
Steven Swan Master Builders Communications
Cybercrime is a growing threat to businesses, with an increasing variety of scams. A Scamwatch survey shows small businesses lost $13.7 million to scams in 2022, a 95% rise from the previous year. Almost half spent less than $500 per year on cybersecurity measures and rated their understanding as ‘average’ or ‘below average’. Scamwatch’s Targeting Scams report indicated Australians lost $3.1 billion to scams in 2022.
Cybersecurity is a critical issue in today’s rapidly evolving digital world, affecting individuals, businesses, and industries. The construction industry, relying more on technology for project management and automation, is not immune. High-profile cyber attacks like the Optus and Medibank incidents in Australia show the devastating impact of inadequate cybersecurity. Over ten million Australians had their personal data leaked due to Optus’s insufficient security practices. Medibank, Australia’s largest insurer, suffered a similar breach.
As the construction industry embraces digitalisation, it’s essential for professionals to stay informed and take proactive steps to lower the risk of cyber attacks. Equipping oneself with knowledge and best practices can greatly reduce the threat. This article will outline easy-to-adopt guidelines for anyone in construction. Incorporating these measures can significantly enhance your digital security and protect your business from cybersecurity incidents.
Use strong and unique passwords, or passphrases
Using strong, unique passwords is one of the most effective ways to protect your online accounts from unauthorised access. To create secure passwords, use a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable or personal information such as birthdays, common words, or family members’ names. Consider using a password manager to help you store and generate complex passwords. The time it takes for a cybercriminal to guess a password can vary drastically depending on the password’s length and complexity. To illustrate this, let’s consider two extreme examples.
Short Password: “abc123” — a simple 6-character password like this could be cracked in a few seconds.
Complex Password: “C0mp!ex&P@55w0rd*2023” — this secure 21-character password, with a mix of uppercase and lowercase letters, numbers, and symbols, would take 3 sextillion years to crack. If you are wondering how long that is, 3 sextillion years is equal to 3 trillion billion years!
To gauge the strength of your password, consider using an online password checker like www.security.org/how-secure-is-my-password, which can provide an estimate of the time it would take for a cybercriminal to crack your password. This helps you determine if your password is sufficiently secure.
Passphrases offer a more secure alternative to traditional passwords because they typically consist of a series of words or a sentence, making them longer and more difficult for attackers to guess or crack using brute force methods. By incorporating a mix of uppercase and lowercase letters, numbers, and symbols within a memorable and unique passphrase, you can significantly enhance the security of your accounts and reduce the likelihood of unauthorised access. Consider using passphrases instead of passwords to bolster your online security and safeguard your sensitive information.
For example:
Password: C0nstruct!on21
Passphrase: CraneConcreteBlueprintHammer2023!
The password, while containing a mix of uppercase, lowercase, numbers, and symbols, is shorter and might be easier to crack. The passphrase, however, is longer and composed of unconnected words. It’s also easier to remember and harder for cybercriminals to guess due to its length.
Multi-factor authentication (MFA)
MFA adds an extra layer of security to your accounts by requiring additional verification, such as a one-time code sent to your phone. It requires you to provide two or more types of credentials to verify your identity. For example, when accessing project management software remotely, you would enter your username and password (first factor) and then provide a second factor like a one-time verification code sent to your mobile phone (second factor). This additional step makes it harder for unauthorised individuals to gain access, enhancing the security of your accounts and project data. You should enable MFA on commonly used services like email, banking, and social media accounts. Most platforms offer step-by-step instructions for activating MFA in their security settings.
Double the security, double the protection. Activate MFA today.
Safe browsing habits
When sharing information online, such as when you’re buying materials from a supplier and entering your payment details, ensure your communication is secure. Do two quick checks: look for “https” at the start of the supplier’s website URL (the ‘s’ means secure), and for a padlock icon. “Https” and the padlock symbol indicate an encrypted connection, preventing eavesdropping. However, these signs only show a secure connection, not necessarily a secure website. If they’re missing, your communication isn’t secure.
Phishing attempts and scams are prevalent in the digital landscape, and the construction industry is no exception. In 2022, a major contractor was hit by a ransomware attack that encrypted all of its data. The company was forced to shut down its operations for several days while it worked to recover its data. The attack is estimated to have cost the company millions of dollars. Cyberattacks often come in the form of deceptive emails or messages, seemingly from well-known entities like the ATO or a major bank, designed to trick you into revealing sensitive information, such as passwords or financial details. Imagine receiving an email from a subcontractor requesting payment, but the email address looks slightly off. This could be a phishing attempt trying to trick you into transferring money to a scammer’s account. To avoid falling victim to such scams, always verify the sender’s identity and never provide personal information unless you are absolutely certain of the recipient’s legitimacy.
Stay secure online: Check for ‘https://’
Regular software and device updates
In a world where technology is constantly evolving, keeping your software and devices up-to-date is more important than ever. One of the key reasons behind this is that updates often include vital security patches that protect your devices from known vulnerabilities. Cybercriminals are always on the lookout for weak spots in software, and outdated applications or devices can provide an easy entry point for them to access your sensitive data or wreak havoc on your systems.
To ensure the highest level of security for your devices and applications, it’s important to enable automatic updates. This will ensure that you always have the latest security features, without having to manually check for and install updates. By doing so, you can minimise the risk of falling victim to cyberattacks that exploit outdated software. For instance, enabling automatic updates for your project management software can protect your valuable project data from being compromised by hackers who take advantage of known vulnerabilities.
Stay one step ahead of cybercriminals: Keep your
Wi-Fi network security
In today’s connected world, Wi-Fi networks are indispensable. However, it’s essential to be aware of the potential risks associated with Wi-Fi networks, particularly public ones, and take measures to secure your data.
Public Wi-Fi networks, like those in fast-food restaurants or public spaces, carry risks as they’re often less secure than private networks. Cybercriminals can exploit these networks to access sensitive data. For instance, a construction manager using a McDonald’s carpark Wi-Fi to log into their company’s file-sharing platform might unintentionally expose confidential documents to hackers.
To mitigate these risks, it’s crucial to secure your home or office Wi-Fi network with a strong password and enable encryption. This will help prevent unauthorised access and protect your data from potential cyber threats. When using public Wi-Fi networks, consider using a virtual private network (VPN) to encrypt your connection and protect your data. A VPN can help keep your information safe even when connected to less secure networks, allowing you to access essential documents or communicate with team members without compromising your security.
Mobile device security
As mobile devices like smartphones and tablets continue to play an increasingly important role in the building industry, securing these devices is essential to protect both personal and work-related data. Construction professionals use mobile devices to access project documents, communicate with team members, and manage daily tasks. However, just like computers, these devices are vulnerable to security threats, and taking precautions to keep them safe is crucial. To bolster the security of your mobile devices, it’s important to keep them updated with the latest software and security patches. Regular updates help protect your devices from known vulnerabilities and potential cyberattacks. Additionally, enable multi-factor authentication (MFA) whenever possible to add an extra layer of security, making it more difficult for hackers to gain access to your accounts. For example, when accessing your cloud-based accounting software app, MFA would require you to provide a second form of identification, such as facial recognition or a unique code sent to your phone, before granting access.
Furthermore, only download apps from trusted sources, like the official app store for your device, to minimise the risk of installing malicious software. For added protection, consider using mobile security software that can help detect and prevent potential threats. By taking these measures, you can better safeguard your mobile devices and the valuable data stored on them.
Secure your mobile devices: Update, Authenticate, and Protect.
Social media privacy
In the age of social media, staying connected with friends, family, and colleagues has become second nature. However, oversharing on social media can expose you to cyber threats and provide valuable information to criminals. Being mindful of the information you share online is essential to safeguarding your personal and professional data.
Oversharing on social media platforms can inadvertently reveal sensitive information, such as your location, workplace, or even details about your current projects. Cybercriminals may use this information to target you, your family, or your company, potentially leading to identity theft, phishing attacks, or other forms of cybercrime.
To minimise the risk of exposing yourself to these threats, be cautious about the information you share online. Avoid posting details about your daily routines, specific project information, or any content that could be used to impersonate you or gain access to your accounts. Additionally, it’s important to regularly review and adjust your privacy settings on social media platforms to limit the visibility of your personal information. By doing so, you can control who has access to your content and reduce the likelihood of falling victim to cyber threats.
Think twice before you post.
Data backup and recovery
In the fast-paced building and construction industry, valuable data is generated daily, from project plans to financial records. However, unforeseen events like cyber attacks or hardware failures can result in significant data loss. That’s why regularly backing up your important files and data is crucial for protecting your construction business from potential disasters.
Consider the scenario where your business falls victim to a ransomware attack, and your project files become encrypted and inaccessible. If you have a recent backup of those files, you can quickly restore them and minimise the impact on your operations. Regular backups serve as a safety net, allowing you to recover lost data and maintain business continuity.
When choosing a backup method, consider what suits your needs best. Cloud storage services, like Box or Google Drive, offer convenience and accessibility, allowing you to securely store and retrieve your data from anywhere. Alternatively, using external hard drives or network-attached storage (NAS) devices provides physical backups that can be stored offline for added security. Additionally, having a well-thought-out data recovery plan is essential. Establish procedures and document the steps required to restore data in the event of a cyber attack, hardware failure, or any other data loss incident. This proactive approach will help your business recover quickly and efficiently, minimising downtime and potential financial loss.
Cybersecurity is essential for the construction industry. By implementing strong passwords, enabling multi-factor authentication, practicing safe browsing habits, securing Wi-Fi networks, and regularly backing up data, professionals can protect their businesses and projects from cyber threats.
Prioritising cybersecurity measures ensures a safer digital environment and allows construction professionals to focus on their core activities with confidence. Stay informed, follow best practices, and safeguard your business in the evolving world of cyber threats.
Useful resources
Australian Cyber Security Centre – Small Business Cyber Security Guide
The Australian Cyber Security Centre has prepared a detailed guide to help small businesses better understand and develop responses to potential risks.
Learn more here: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cybersecurity
Stay alert to new threats and scams
The Australian Cyber Security Centre provides regular cyber security alerts impacting small businesses. You can also report a cyber security incident.
Learn more here: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories
The Australian Competition and Consumer Commission’s “Scamwatch” website can help you stay on top of emerging scams. Scamwatch operates an alert service with warnings about new scam threats provided direct to your inbox.
Learn more about this free service here: https://www.scamwatch.gov.au/about-scamwatch/tools-resources/online-resources