One can’t go a few days without hearing about a new cyber security vulnerability or reading about another company that had a massive data breach. You can almost say the same thing about phishing in the construction industry, where competent, respected individuals have his/her email account hacked and compromised and are sending out annoying phishing emails. How can you stop this from happening to you?
Phishing is a major problem in the construction industry due to several factors. First, project management requires a level of cross-company coordination and file sharing. Second, technology budgets are razor thin compared to other industries. Third, the level of training is not applicable for most construction companies. Given these challenges what is a person to do in his/her company?
Like most true problems there isn’t a single magic bullet to stop all phishing. However, if you follow these straightforward recommendations outlined below, phishing can be virtually eliminated:
- Hover before you click on a link. To hover, move your mouse over hyperlinked text to show where the link will direct you. On mobile phones, hold the hyperlink until a pop-up displays the link. This is the single most important recommendation and the hardest to follow, since it requires behavior change.
- Never act on demanding emails that you weren’t expecting. Specifically, never enter in your username/password from an email. It doesn’t matter if the email says it’s from your bank, the IRS, or a technology department. Always navigate to the requested site directly.
- Make sure your technology professional is blocking people who pretend to be inside your company.
- Make sure your technology department sends examples of what real phishing looks like and/or performs routine simulations.
If you follow these simple guidelines you can prevent an embarrassing episode of having to contact all customers, vendors and other partners after falling prey to a phishing scam.
Have a question for our experts? Leave your comment below and check out our website for more information.