We were recently published in Coatings Pro magazine, discussing how contractors need to be concerned about cyber threats. While directed towards contractors, the practices we discuss are also applicable to just about any industry.
Take a few minutes and check out our article, originally appearing in the January 2020 edition of Coatings Pro.
When you are working on several projects, dealing with suppliers, managing equipment, and communicating with workers on various jobsites, the last thing you need to get in your way is a computer issue. Unfortunately, cybersecurity issues are on the rise, and just like any equipment, your network and computers need to be maintained to prevent issues that could delay projects.
Today, over 92 percent of malware is delivered through email. This is bad news for a mobilized workforce. Contractors communicate via email and mobile devices, and often need to access files and software remotely to stay effective. This leaves them as prime targets for these types of attacks.
There are numerous ways that any contractor should be protecting their endpoints.
Establish Secure Remote Access
Construction is largely a mobile industry with a lot of work happening on jobsites and away from the office. Coatings professionals in the field will need to be able to access data (such as their emails, files, and calendars) as easily and as securely as they could while in an office.
If you don’t provide a secure way for your crew to access this information, they’re going to figure out how to do it themselves. The difference is that their way is almost guaranteed to not be secure.
Fortunately, by utilizing a Virtual Private Network (VPN), a worker’s device (whether it be a laptop, a tablet, or a smartphone) will be able to connect directly to the home network securely. Data will be encrypted to prevent it from being intercepted, and you can ensure that sensitive information isn’t accessed by others.
Use Mobile Device Management
Mobile devices are now commonly found at the worksite, introducing various other potential issues. What would happen if a worker loses a device or one of your employees walks off the job? Being able to control company data on these devices -- and revoke access to email and sensitive company documents at a moment’s notice -- will prevent data theft and other risks.
These devices and the data on them can be given the nuclear option as well. By implementing mobile device management policies, you give yourself the ability to wipe a device remotely if necessary. This should be implemented whether you provide the device or it belongs to the employee, which you can enforce through a Bring Your Own Device policy. Most modern Android phones have a feature called ‘Work Profiles’ that segments a small portion of an employee’s smartphone off and encrypts it. This can enable contractors to only wipe the work profile to protect company data and access while not touching the rest of the user’s phone.
Secure Workstations and Laptops
It has become increasingly more important to do so in order to stay ahead of cybersecurity threats. Take note of the following tips:
Instill Good Security Habits
Having solid IT security can quickly be overturned by bad habits, such as when a user writes their password on a sticky note. You need a team that understands the importance of security and how they are responsible for its upkeep. Training of employees is an effective step toward this goal. Find a person or a service that can provide this training to your employees, reinforcing positive behaviors and best practices.
A great example of why this is increasingly important is the growing popularity of phishing attacks. If your users aren’t educated in email security practices, it will be more difficult to identify and avoid these attacks, let alone properly deal with them.
Phishing attacks essentially come in one of two varieties: regular phishing, which uses a vague message to fool the largest group of people possible, or spear phishing, which specifically targets an individual and appears to come from a contact that would have reason to reach out to that person. Spotting phishing attacks can be challenging either way, so it helps to question any message that comes in. Here are some questions users should ask:
Educating workers to identify threats and encouraging them to be suspicious will go a long way in preventing cybersecurity issues.
Perform Regular Security Audits
Finally, coatings contractors - like any other business - should reevaluate their security solutions on a regular basis. Are there any points that are weaker than others, either due to an infrastructure or software issue or human error?
On top of regular audits, working with an IT provider will go a long way and prevent extra work and downtime. An IT provider will be able to keep computers updated and ensure backups are happening and antivirus is running.
Not sure where to get started? A local IT provider can make an assessment of your IT and identify your biggest vulnerabilities as well as where your security is strong. This professional evaluation will point you in the right direction toward cybersecurity.
This article originally appeared in Coatings Pro magazine, and can be read in its original form here.
While contractors should definitely pay attention to these lessons, other businesses can benefit just as much from them as well. The experts at Walsh IT Group suggest a comprehensive assessment of your IT, as this can This assessment is also free, so it can’t hurt to take advantage of it. To claim yours, visit https://walshitgroup.com/free-consultation and sign up.
To learn more about these solutions, and the other services we offer, make sure you subscribe to our blog. You can also call us at (832) 295-1445 to discuss this with us directly.