How Contractors Can Protect Themselves From Cyber Threats

We were recently published in Coatings Pro magazine, discussing how contractors need to be concerned about cyber threats. While directed towards contractors, the practices we discuss are also applicable to just about any industry.

 Take a few minutes and check out our article, originally appearing in the January 2020 edition of Coatings Pro.

Protect Your Company Against Cyber Threats

When you are working on several projects, dealing with suppliers, managing equipment, and communicating with workers on various jobsites, the last thing you need to get in your way is a computer issue. Unfortunately, cybersecurity issues are on the rise, and just like any equipment, your network and computers need to be maintained to prevent issues that could delay projects.

Today, over 92 percent of malware is delivered through email. This is bad news for a mobilized workforce. Contractors communicate via email and mobile devices, and often need to access files and software remotely to stay effective. This leaves them as prime targets for these types of attacks.

There are numerous ways that any contractor should be protecting their endpoints.

Establish Secure Remote Access

Construction is largely a mobile industry with a lot of work happening on jobsites and away from the office. Coatings professionals in the field will need to be able to access data (such as their emails, files, and calendars) as easily and as securely as they could while in an office. 

If you don’t provide a secure way for your crew to access this information, they’re going to figure out how to do it themselves. The difference is that their way is almost guaranteed to not be secure.

Fortunately, by utilizing a Virtual Private Network (VPN), a worker’s device (whether it be a laptop, a tablet, or a smartphone) will be able to connect directly to the home network securely. Data will be encrypted to prevent it from being intercepted, and you can ensure that sensitive information isn’t accessed by others.

Use Mobile Device Management

Mobile devices are now commonly found at the worksite, introducing various other potential issues. What would happen if a worker loses a device or one of your employees walks off the job? Being able to control company data on these devices -- and revoke access to email and sensitive company documents at a moment’s notice -- will prevent data theft and other risks.

These devices and the data on them can be given the nuclear option as well. By implementing mobile device management policies, you give yourself the ability to wipe a device remotely if necessary. This should be implemented whether you provide the device or it belongs to the employee, which you can enforce through a Bring Your Own Device policy. Most modern Android phones have a feature called ‘Work Profiles’ that segments a small portion of an employee’s smartphone off and encrypts it. This can enable contractors to only wipe the work profile to protect company data and access while not touching the rest of the user’s phone.

Secure Workstations and Laptops

It has become increasingly more important to do so in order to stay ahead of cybersecurity threats. Take note of the following tips:

• Keep Systems Updated: Running regular Windows updates and keeping the system up to date with security patches is still critical. This goes for your entire IT infrastructure, from the servers and networking equipment, and all the way down to the user devices, such as desktops and laptops.
• Deploy Centrally Managed Antivirus: Coatings contractors should have the same level of protection as other businesses that deal with sensitive data. This includes antivirus that is deployed centrally from a server across all devices on a network. This software needs to be kept updated and scheduled to run regularly.
• Enable 2-Factor Authentication (2FA): This is especially important for jobsites where a device may be accessed by unauthorized personnel. A 2FA service can send a code in a text message or use an authentication app to verify that the user logging in is, in fact, authorized to use the device.

Instill Good Security Habits

Having solid IT security can quickly be overturned by bad habits, such as when a user writes their password on a sticky note. You need a team that understands the importance of security and how they are responsible for its upkeep. Training of employees is an effective step toward this goal. Find a person or a service that can provide this training to your employees, reinforcing positive behaviors and best practices.

A great example of why this is increasingly important is the growing popularity of phishing attacks. If your users aren’t educated in email security practices, it will be more difficult to identify and avoid these attacks, let alone properly deal with them.

Phishing attacks essentially come in one of two varieties: regular phishing, which uses a vague message to fool the largest group of people possible, or spear phishing, which specifically targets an individual and appears to come from a contact that would have reason to reach out to that person. Spotting phishing attacks can be challenging either way, so it helps to question any message that comes in. Here are some questions users should ask:

• Was this message expected? Phishing attacks can look like legitimate emails asking to review invoices and floorplan updates, so be on the lookout for anything suspicious. Think before you click.
• Does it include a request that’s out of the ordinary? If the request doesn’t make sense coming from the supposed sender, or it seems unnecessarily urgent, be suspicious.
• Does the address the message came from make sense? Cybercriminals commonly use subtly altered URLs to fool their targets. If you aren’t sure if one is legitimate, try to confirm it via an Internet search.
• Are there misspellings and grammatical errors? If the email simply sounds fishy, it might be a phishing attempt.
• Does the attachment have an odd filename? While contractors depend on sending files via email, a cybercriminal will also rely on attachments to spread malware. Be wary of attachments.
• Do the links actually go where they claim to go? With phishing attacks, the attacker often counts on the recipient automatically clicking a link without checking to see where it will take them. One simple way to check a link before clicking on it is to hover your mouse over it and to look at the URL that pops up.
• Does the email claim that one of your passwords has been compromised? This is likely a phishing attack trying to leverage scare tactics. Without using any of the links in the email, visit the account that has allegedly been breached and try to confirm it there.

Educating workers to identify threats and encouraging them to be suspicious will go a long way in preventing cybersecurity issues.

Perform Regular Security Audits

Finally, coatings contractors - like any other business - should reevaluate their security solutions on a regular basis. Are there any points that are weaker than others, either due to an infrastructure or software issue or human error? 

On top of regular audits, working with an IT provider will go a long way and prevent extra work and downtime. An IT provider will be able to keep computers updated and ensure backups are happening and antivirus is running.

Not sure where to get started? A local IT provider can make an assessment of your IT and identify your biggest vulnerabilities as well as where your security is strong. This professional evaluation will point you in the right direction toward cybersecurity.

 This article originally appeared in Coatings Pro magazine, and can be read in its original form here.

While contractors should definitely pay attention to these lessons, other businesses can benefit just as much from them as well. The experts at Walsh IT Group suggest a comprehensive assessment of your IT, as this can  This assessment is also free, so it can’t hurt to take advantage of it. To claim yours, visit https://walshitgroup.com/free-consultation and sign up.

To learn more about these solutions, and the other services we offer, make sure you subscribe to our blog. You can also call us at (832) 295-1445 to discuss this with us directly.