Advanced Email Security for Today's Construction Firms

Combat phishing, fraud, and data theft targeting the construction industry

Construction companies have become targets for phishing and ransomware attacks.

The construction industry is being challenged by continued increases in the volume and sophistication of cyberattacks, particularly phishing, for reasons that include:

  • Extensive partnerships contribute to collective supply chain risk, due to the decentralized and interconnected nature of the construction industry
  • The adoption of internet-based collaborative systems, while driving improved costs and timelines, are opening businesses to new paths for cyberattacks
  • Small- and mid-sized construction firms, which suffer 58% of all targeted attacks in the industry, tend to underestimate their risk and frequently have an outdated security posture, putting themselves and potentially larger partners and customers at risk

To protect construction firms from today's fast-moving, evasive phishing and malware attacks, Cyren's global security cloud identifies new threats in seconds. Our SaaS email and web security services block over 300 million threats a day, and are simple to deploy, configure and manage on an ongoing basis. With cost-effective subscription pricing, you can start protecting your employees and agent immediately:

  • Defend customer and financial data from being compromised by phishing and malware
  • Ensure your employees use the internet safely – regardless of their device or location
  • Protect your buyers and suppliers from data theft and fraud

Resources to protect your business

Email Security Gap Analysis: Aggregated Results

Download report

Buyers Guide for Email Security

Download buyers guide

Office 365 Survey Report

Download report

Why are construction firms being targeted?

Extensive partnerships create risk – The interconnected nature of the construction industry makes email and web threats particularly dangerous. With complex groups of stakeholders, including contractors, subcontractors, partners, vendors, suppliers, and financial entities, the construction supply chain offers many opportunities for criminals to leverage a smaller, less protected business to breach a larger customer.

Outdated security postures create security gaps – Companies relying on outdated security technology are at extreme risk. Endpoint and appliance-based security and online "free" security tools are typically not updated in real time, so new and evolving threats slip through before protection is in place.

New tools are bringing new risks – New technologies are having a dramatic impact on construction, with new tools emerging that changing how firms design, plan and execute projects. The adoption of internet-based systems for everything from email and financing to design, estimating and quality control are improving costs and timelines, but also open firms to new threats.

Unprotected mobile workforce – With an increasingly mobile workforce, employees are no longer confined to a work environment protected by perimeter security. BYOD policies mean that devices with different operating systems are accessing company resources and potentially downloading harmful malware and ransomware that gets passed to others on the network.

10 Steps to Protect Your Construction Business

  1. Automate threats updates to the shortest possible time interval.
  2. Deploy cloud-based email gateway protection from a security provider.
  3. Deploy a web security gateway.
  4. Protect against evasive threats with sandboxing.
  5. Use a password management tool and multi-factor authentication.
  6. Deploy endpoint security with active/behavioral monitoring.
  7. Patch early, patch often.
  8. Back up regularly and keep a copy off-site.
  9. Turn off network shares and unnecessary admin rights
  10. Train users.
Download the report

Advanced SaaS security for construction-related business

Cyren 100% cloud email security service protects construction organizations from cyber threats, stopping phishing and malware attacks seeking to steal sensitive data and commit fraud.

Advanced protection delivered as SaaS
  • Block unknown threats, not just known threats
  • URL time-of-click protection
  • Ransomware outbreak protection
  • Zero-day phishing and zero-day malware defenses
  • Inline sandbox array with patient-zero protection
With powerful security management
  • Intuitive security dashboard with role-based admin
  • Granular security policy management
  • Personal quarantine for users
  • Real-time logging and security reporting

Vendors open door to supply chain phishing attacks

Most cybersecurity breaches in the construction industry begin with a well-crafted spear phishing email that contains a malicious link or attachment sent to a company employee, frequently as a stepping stone to attack other companies. According to the 2018 Verizon Data Breach Report, 93% of all breaches of corporate systems begin with some form of phishing, and several famous examples underscore the "supply chain risk" in the construction industry.

Phishing attack exposes construction workers' PII – In a data breach in 2016 affecting workers across the country, an employee at Turner Construction fell victim to a spear-phishing scam in which the entire database of personally sensitive employee information, including W-2s and social security numbers, was sent to a spoofed email account created by cybercriminals.

Construction contractor gets blueprints hacked – In 2013, blueprints for a new multi-million dollar Australian Security Intelligence HQ building were stolen by hackers via a construction contractor, exposing not only building layouts, but also the location of communication and computer networks.

Target credit card hack started with supplier email – The infamous Target breach-in which 40 million credit and debit cards were hacked-began with one employee at an HVAC company opening an email attachment containing malware that captured system passwords, including those for partners like Target. The hackers stole highly sensitive data from Target and cost the company $202 million.

Home Depot hacked exposed 56 million cards – Another high-profile hack that began with a vendor in the supply chain is the masive 2014 Home Depot hack. This hack stole the details of 56 million credit and debit cards and 53 million email addresses.

Top construction and building industry security risks

Loss of sensitive corporate data – spoofed email and copycat websites can trick users into sharing information, such as employee data, customer contact data, intellectual property, financial account information or transaction data.

Business interruption – Construction and building are driven by production schedules and completion dates to ensure profitability. It only takes one phishing or malware attack to have a detrimental effect on production and completion.

Financial fraud – Business email compromise attacks and imposter emails may attempt to divert money to criminally-controlled accounts. Lost revenue can also result in reputation damage and lost customers.

Reputation and loss of business – Construction companies risk reputation damange and loss of clients if the company is used as the point-of-entry for a larger cyberattack. Cybercriminals will often use small stakeholder businesses to initiate a hack into a larger company.

Learn more about Cyren cyber security products

25B Security Transactions Daily

1.3B Users Protected

300M Threats Blocked Daily