The cost of cybercrime to construction businesses is growing fast

Have you taken the simple steps needed to protect your identity, email, banking and business data from identity thieves, hackers or ransomware?

Scammers are targeting builders because they are more likely to send invoices for large one-off amounts that can be redirected to their own accounts.

Hackers recently took control of a number of Kiwi builders’ email accounts, sent out fake invoices and stole thousands of dollars from clients.

The reality is this:

  1. You’re now more likely to become a victim of a cyber-attack than a burglary.
  2. It’s the second most reported crime in the world.
  3. Cybercrime cost New Zealanders more than $177m in 2017, more than 1 in 3 adults were affected.

All it takes is to click on a link in an email, on a website that looks legit or through a Facebook post and you’ve infected your computer or mobile device. Hackers will sit inside your computer system, often for months, observing your activity before they act. They will then shut down your system and demand a ransom, often in the thousands of dollars, to release your files. Or target your customers and redirect large payments to their own accounts.

There are simple steps you can take to minimise your risk of exposure to a cyber attack, including some basic training for you and your staff.

Business tips:

  1. Have up to date virus, firewall and malware software running. Microsoft provides a free product and there are other well-known providers such as Norton, McAfee and Kaspersky.
  2. Have a password set up on your computer and pin for your phone.
  3. Make sure you have a strong email password and that it is different to your internet banking. Consider a bank that only uses two factor authentication.
  4. Train staff and others who may have access to your devices to recognise dodgy emails and posts and not to click on them.
  5. Train staff not to share passwords and log in details.
  6. Back up all your files to an external drive or the cloud. You can schedule these in Windows or have your IT provider set one up for you.
  7. Train accounts staff not to make payments to overseas accounts or if they’re unsure about the origin of the invoice.
  8. Don’t change supplier bank account details without verifying this directly with the supplier first.
     
It’s better to have a long password that you can remember than a short complicated one. For example, try using a phrase that you’ll remember: mydogsnameisparatrooper
 

There is also good insurance available, which provides immediate professional support to get you up and running after an attack quickly, as well as reimbursing your losses.

Personal tips:

  1. Don’t give out personal information, either over the phone, personally or online unless you are certain that the person or organisation, you’re giving it to is legit.
  2. Dispose of personal information securely. e.g. shred papers (including bank statements and utility bills) and wipe/remove/reset hard drives and phones before selling or disposing of them.
  3. Reduce the amount of identification documents that you carry around, including what you leave in your car on a daily basis. These are valuable items.
  4. Check bank and credit card statements for unauthorised transactions. Report any discrepancies or unauthorised activity to the bank or card issuer immediately.
  5. Be very wary of how much personal information you post online. Personal information can be misused in many ways by identity thieves, some of whom trawl websites.

Just in the same way you wouldn’t leave your house or car unlocked, or your tools lying unattended, don’t leave access to your personal information or business systems vulnerable to hackers or identity thieves who will easily exploit them.

by Ben Rickard
Builtin Insurance Advisor