
Think you’re too small for a cyberattack? Think again.

Phishing and fraud are rising—here’s how contractors can stay secure

Cybercrime is a growing threat to small businesses, including contractors and specialty trades. Knowing what the tactics are and how to mitigate risks is crucial to safeguarding your company, employees and clients. Attorney Jason Kosek, a shareholder with the Anderson Kill law firm, offers his advice on how to protect your enterprise. 

—Interview by Margot Lester, edited by Bianca Prieto


What's the most important thing we should know? 

Cybersecurity is a moving target, as today's most prevalent cyber threats will evolve. Construction companies face dynamic challenges in the cyber landscape and must be prepared for anything. Even a robust plan today will eventually become insufficient. Strengthening cybersecurity is as critical as maintaining a robust construction contract, as it offers numerous benefits, including protection against financial losses and operational disruptions. Construction companies should secure comprehensive cyber insurance coverage and review their policies annually to ensure they remain fully protected against evolving threats.

Besides insurance policies, what else should we review? 

Contractors must understand the cybersecurity requirements outlined in their contracts with project owners, as well as specific obligations for federal contracts. Since 2016, the federal government has mandated that all federal contractors comply with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This standard establishes essential security controls for contractor information systems that process or store Federal Contract Information or Controlled Unclassified Information/Covered Defense Information, ensuring the protection of sensitive data in nonfederal systems. 

What else can we do?

One critical step construction companies must take at the end of the year is to establish protocols to prevent falling victim to social engineering attacks. This requires implementing multi-step verification protocols and making phone calls to known points of contact to ensure payments are legitimate and directed to the correct parties. Be knowledgeable about what your cyber insurance policy requires you to do, draft a compliance script to meet those requirements, and ensure ongoing adherence to avoid coverage gaps or claim denials.

What's the most imminent cybersecurity threat facing contractors? 

The most significant cyber threats facing the construction industry are variations of phishing, spoofing, fraudulent fund transfers and social engineering attacks. For example, malicious actors send fake invoices to construction companies, demanding payment. Unknowingly, these companies often pay the bad actors instead of legitimate subcontractors or contractors. These incidents lead to payment disputes, work disruptions and costly delay damages.

What's the first thing we should do in the event of a cyber attack?

Contractors must promptly report any cyberattack to the FBI, as timely reporting increases the likelihood of recovering stolen funds. When notifying their insurance company of a cyber incident, contractors should confirm that they have already contacted the FBI to strengthen their claim and demonstrate compliance with policy requirements.

How can an attorney help us be more cyber-aware?

Attorneys play a vital role in keeping your construction company informed about the latest cyber threats and tactics designed to harm your business. They can ensure your insurance policies provide appropriate coverage for the types of losses construction companies face today. Additionally, attorneys can assist in drafting compliance scripts to meet insurance policy requirements, preventing coverage exclusions due to non-compliance. They can also help craft construction contracts with cybersecurity risks in mind, ensuring comprehensive protection against potential liabilities.



The Level is curated and written by Margot Lester and edited by Bianca Prieto.