The largest cyberattack in the history of the world was executed last Friday, May 12, 2017. The threat, dubbed Wanna Cry, has reportedly affected over 200,000 users in 150 countries so far. With the open of business this Monday morning, those numbers were expected to climb. Sadly, this type of news, in a quite general sense, is nothing new, and with the construction industry’s continued emphasis on integrating data management systems and mobilization of the work environment, the fight to maintain data security proves ever more crucial. The newer realm of malware—rather than viruses—has proven to be very lucrative and is therefore the predominant risk we have to face every day. So, what can you do to ensure that neither you nor your firm is held responsible for impacting someone’s safety or security? We think that understanding the objectives, actions, and risks that surround digital communications is a very good place to start.
Malware can be as simple as a piece of code or computer service that handles code that is responsive to its creator. Malware opens up the opportunity to retrieve or send bits of information from one device (your computer or network drives) to another person or host.
Ransomware is a type of malware that encrypts the user’s data, preventing the user from accessing the same until a ransom has been paid. The Wanna Cry ransomware is unique in that it is embedded with a Worm.
A Worm is a type of ransomware that replicates itself in order to spread itself to other devices on your network.
Malware Prevention When we talk about malware prevention, we talk about IDS and IPS, which stand for Intrusion Detection System and Intrusion Prevention System, respectively. They sound expensive, right? How do companies—from small mom-and-pop shops all the way up to corporate stalwarts—handle this? Let’s look at the range of options.
If you have an anti-virus software, odds are that is has a web plug-in to assist in checking clicks and web pages for malware. I would suggest starting here and making sure that if you are in a 3- to 10-computer environment, you review what you have at hand. I am a fan of MalwareBytes.Org and its tools for preventing computer infections. It is free for personal use or at a low cost for your office.
For the larger offices that have many workstations, laptops, or other devices, there are service options and software options. Ask your IT professional what option is in place and where are you vulnerable.
What’s coming to the Construction Industry? To mitigate risk and exposure, there are new clauses in insurance policies and compliance reviews. A technical rider is optional at this point for most construction companies, but I expect it to become mandatory over the coming months and years depending on a company’s area, scope, and size.
Other Tips and Tricks There are a few common-sense practices that can help protect your systems from attack.
1. If you get an email from ANY service—website, bank, credit card, etc.—that requires a click from your email rather than a link in the email, open a web browser and go directly to the site—no shortcuts and no email links.
2. When you receive emails from unknown senders, move them to your spam list instead of unsubscribing. This will reduce the likelihood of your opening something accidentally—as we have all had those days—and also help you avoid any malware embedded in the unsubscribe link.
3. Lastly, and most importantly, install malware prevention and make sure it is scheduled to run automatically. If you have installed the software and scanned your computer, don’t assume you are set, as you won’t be protected moving forward.