Security, internet, email, and risk

Let’s talk about what you don’t want to talk about.  At least once a month, we hear about a hack, a breach, or a compromised action that encompasses secure data, political emails, credit cards, or personal information.  It seems almost unavoidable, and with the construction industry’s continued emphasis on integrating data management systems and mobilizing the work environment, the fight to maintain data security seems ever more crucial.

The newer realm of malware—rather than viruses—has proven to be very lucrative and is, therefore, the predominant risk we have to face every day.  So, what can you do to ensure that neither you nor your firm is held responsible for impacting someone’s safety or security? Understanding the objectives, actions, and risks that surround digital communications is a very good place to start.

What is malware?

Malware can be as simple as a piece of code or computer service that handles code that is responsive to its creator.  Malware opens up the opportunity to retrieve or send bits of information from one device (your computer or network drives) to another person or host.

What is the risk?

• Malware was responsible for the security breaches during the holiday season in 2014 when major retailers had their information stolen.
• One of the largest breaches in 2014 occurred when a mechanical contractor in Pennsylvania submitted a pay app to a big-box retailer.  The contractor did not know his machine was infected. Upon connection from his office to the retailer, the mission of the malware was complete. Data was sent to the malware’s creator indicating where the malware was and asking the creator what to do.
• Have you heard about data being locked into its own computer and being held ransom at the police station, the hospital, the local library, or your aunt’s computer?

All of these things have happened, and all of these things happened due to malware.   Many structural changes have been made to browsers since 2014, and security methods used to manage SSL (the little lock in your web address bar) have evolved.  Still, there is no guarantee of safety or security.

Malware Prevention

When we talk about malware prevention, we talk about IDS and IPS, which stand for Intrusion Detection System and Intrusion Prevention System, respectively.   They sound expensive, right?  How do companies—from small mom-and-pop shops all the way up to corporate stalwarts—handle this?  Let’s look at the range of options.

If you have an anti-virus software, odds are that it has a web plug-in to assist in checking clicks and web pages for malware. I would suggest starting here and making sure that if you are in a three- to ten-computer environment, you review what you have at hand. I am also a fan of MalwareBytes.com and its tools for preventing computer infections.  It is free for personal use or at a low cost for your office.

For the larger offices that have many workstations, laptops, or other devices, there are service options and software options.  Ask your IT professional what option is in place and where you are vulnerable.

What’s coming to our industry?

To mitigate risk and exposure, there are new clauses in insurance policies and compliance reviews.  A technical rider is optional at this point for most construction companies, but I expect it to become mandatory over the coming months and years depending on a company’s area, scope, and size.

What Else?

There are a few common-sense practices that can help protect your systems from attack.

1. If you get an email from ANY service­—website, bank, credit card, etc.—that requires you to a click a link in your email, open a web browser and go directly to the site instead—no shortcuts and no email links.
2. When you receive emails from unknown senders, move them to your spam list instead of unsubscribing. This will reduce the likelihood of you opening something accidentally—as we have all had those days—and also help you avoid any malware embedded in the unsubscribe.
3. Keep your pop-up blocker active and avoid clicking windows that imitate security threats or warnings.  These windows are designed to scare you into making a poor decision. Don’t do it; instead, force-quit the browser.
4. Read carefully when downloading or installing internet software.  Many malware threats are bundled with completely legitimate programs.  If you are not careful about what you are installing and where you are installing it from, you might end up opening the door to the enemy.
5. Lastly, and most importantly, install malware prevention and make sure it is scheduled to run automatically.  If you have installed the software and scanned your computer, don’t assume you are set, as you won’t be protected moving forward.