Cyber breaches are big news. Large corporations get hacked with alarming frequency, and hundreds of thousands of consumers are vulnerable. You may not think your architectural, engineering or contracting firm is at risk, but that is simply not the case.


Building information modelling (BIM) and computer-aided design (CAD) are in widespread use. These tools, while they improve efficiency and quality, also increase the risk of a cyber-attack. There have been well-publicized cyber-attacks on solar panel installation contractors, HVAC contractors, manufacturers and retailers of building products, fence contractors, and many other firms across the industry.


Customer information, intellectual property and your firm’s financial information are all at risk. Social engineering and phishing scams can defraud your company of thousands of dollars. Your firm could experience damage to your reputation, business interruption or construction delays, and lawsuits by affected clients.


Small businesses are increasingly at risk


Large corporations are not the only ones affected. According to international cyber security and anti-virus provider Kaspersky Lab, small businesses faced eight times more ransomware attacks in the third quarter of 2016 than in the same quarter last year. The average cost of a cyber-attack on a small business is $690,000, according to Ponemon Institute. Notably, the National Cyber Security Alliance found that 60 percent of small businesses close their doors within six months of a cyber-attack.


There are steps you can take to help keep your customer and company data safe. Enact these policies to prevent data breaches and protect yourself.


Security essentials

  • Open-access Wi-Fi networks (those without passwords) are prime targets for scammers. Make sure your network is password-protected.
  • When logging into email or other secure sites, make sure the URL starts with https://. This indicates a secure site. A site that starts with http:// (no ‘s’) is not secure.
  • When you’re using your computer or tablet in a public space, shield your login screen and other sensitive content from prying eyes.
  • Don’t leave your laptop, tablet or phone unattended where someone can grab it and all the data it contains.
  • Disable the automatic check-in feature of your phone. This feature can reveal personal habits and sensitive information.
  • Don’t give strangers without proper credentials access to secure areas in your building.
  • Lock your computer when you leave your office, desk or workstation.
  • When you’re sending a confidential document to a colleague or client, encrypt it before you email it. Then email the encryption password in a separate email. This is safer than uploading it to a password-protected cloud sharing app, or mailing a CD.
  • When possible, use a corporate VPN to establish remote connections to business systems.
  • Make sure your firewalls are regularly updated with the latest security patches.


Email security

  • If you receive an unsolicited email, verify its authenticity. Company logos are easily copied by scammers, so don’t assume that a logo means an email is from the company it purports to be from.
  • Reputable companies generally don’t use public email services like Gmail and Yahoo, so emails from these domains should be carefully scrutinized.
  • Beware of requests to supply or “verify” account numbers or sensitive information.
  • Don’t click on links in unsolicited emails. If you think the message is legitimate, go to the company’s website and log in from there.

Social engineering


Social engineering attacks pose a significant threat to data and systems. These are attacks in which scammers trick people into giving them access to sensitive information. Rather than breaking into your network, these scammers will try to get you to hand over the information willingly by making you think they’re someone they’re not.


Here’s what you need to know about these kinds of attacks:

  • Fraudulent communications like phishing emails and smishing (fake SMS or text messages) trick users into clicking on links that can infect their computers with viruses or activate bots that collect sensitive information. Don’t click on a link unless you are absolutely certain the message is legitimate.
  • Social engineers troll social networks to learn personal information and details and then use this information to try to hack into their accounts.
  • Common social engineering tactics include:
    • Strange links in posts
    • Unexpected popups
    • Pirated media with embedded malware
    • Messages offering rewards for contests you did not enter
    • Fake social media profiles, pages or groups
    • Apps or games requesting access to your profile information

Social engineering attacks can also happen over the phone, with a caller requesting sensitive data, or in person by a contracted employee trying to gain access to your network.


Mobile device safety

  • Four-digit PINs are relatively easy to break, especially if they are birthdays or anniversaries. Use a six-digit PIN instead. Fingerprint trails can reveal swipe patterns, so use a complex swipe pattern and clean your screen regularly. Alphanumeric passwords and fingerprint IDs are more secure.
  • Back up your device to a computer or cloud service. Use encrypted backup options for added security.
  • Consider an app that wipes the contents of your device if it is ever lost or stolen.
  • Turn off your camera’s geotagging function, as it gives scammers information about your location.
  • Be careful when connecting to Bluetooth with your mobile device as you may be giving those nearby access to your device when you connect.

Insurance

  • Verify that your business liability insurance policy includes coverage for breaches of corporate confidential information.
  • Purchase a policy that affirmatively covers funds stolen from your customers’ bank accounts.
  • Make sure your policy has a limit of at least $2 million in the aggregate for privacy breach costs.

If you use a phone app for mobile time tracking, work on system design or installation for smart building, or collect data or stream from drones, you could be putting your company at risk. Professionals in the construction industry are as susceptible as anyone else to cyber-attacks. Know how to protect yourself and talk to your employees about this growing threat. Taking these precautions will help reduce your risk of becoming a victim of a cyber-attack.


Daniel Gmelin is the National Architects and Engineers Product Head at Hiscox, the international specialist insurer. He can be reached at [email protected].
