Key threats to Construction Firms & Their Advisors (Law firms, CPAs, etc)

  1. RANSOMWARE – WannaCry, Petya, CryptoWall, etc. ONSITE & CLOUD backups are your best defense.
  2. WEAK PASSWORDS – People WILL use weak passwords. Help them by adopting TWO-FACTOR authentication (e.g. Duo, Google Auth, etc.) and password managers (LastPass Enterprise).
  3. Outdated Systems – Some people are still running Windows XP, Windows Server 2003, Windows Vista, outdated OSX, Timberline 13.x, etc. Using outdated systems is, in most cases, indefensible.
  4. Outdated Security Practices – old firewalls, shared passwords, passwords stored in Excel, Word or Outlook.
  5. Lack of Security Reviews – You file taxes every year, and hopefully you change your toothbrush every 6 months. Get your prostate checked, and get your IT systems reviewed at least every 18 months.
  6. TOO MUCH TRUST – Firms still let guests, subs, contractors, etc. log in to the company WiFi (or plug into network jacks). We still see unverified subs show up in jobsite trailers. This is a cultural challenge. Drywall companies think they’re drywall installers, not technology-based businesses. Target was attacked via HVAC. NotPetya spread via the M.E.Doc accounting platform.
  7. “SMART DEVICES” – Smart TVs, conference room systems, smart lights, Alexa, Siri, Xbox One, etc. If the device is smart, the buyer is (usually) …
  8. STATUS QUO – We’ve been doing it this way for the past 3/5/10 years

CASE STUDIES:

  • Patco, a Maine-based construction firm, got infected with the Zeus Trojan, and $588,851.26 was transferred from its accounts. The bank recovered $243,000, but Patco was on the hook for $345,000. Patco was dragged through three years of lawsuits by its bank before the case settled.

“We had hundreds of thousands of dollars in legal fees,” says Patterson. “So even after we got the $345,000 back, we lost hundreds of thousands.”

  • Ubiquiti Networks was scammed out of $47M through “employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department.”
  • SimpliSafe transmits PIN in clear
  • WiFi-enabled doorbell…open for all
  • Comcast Xfinity’s Security System Flaws Open Homes to Thieves
  • 75% of cars stolen in France…hacked

Educating family, friends & staff:

  1. https://www.youtube.com/watch?v=HpOg1Sgmpok
  2. https://www.brainlink.com/hacking-ransom/
  3. https://www.brainlink.com/tv/
  4. https://www.brainlink.com/newsletter/

Raj’s TOP 7 tips:

  1. Enable 2-Factor Authentication & Password Manager
  2. Test your DISASTER RECOVERY (DR) & BUSINESS CONTINUITY (BCP) Plans
  3. Keep an eye on your $$$
    1. Real-time alerts on Credit Card, Debit Card & Banking Activity
  4. Upgrade Your IT – you DID budget for this, right?
  5. Insure Your Business
  6. Educate your team (to use COMMON SENSE!!)
  7. Engage Brainlink

When it comes to BUYING TECHNOLOGY, ARE YOU SMARTER THAN DICK CHENEY???