During the past several months, hacking of computer systems has caused widespread mayhem across a myriad of industries. Roofing companies are not immune, and you should safeguard your systems to avoid disruptions, which can be catastrophic.
According to constructiondive.com, during the past three years, cloud-based email breaches cost U.S. businesses more than $2 billion.
David Anderson, principal cybersecurity consultant at Minneapolis-based CliftonLarsonAllen, told constructiondive.com about 80% of data breaches involve password compromises and an increase in remote work during the COVID-19 pandemic increased opportunities for breaches.
In addition to password compromises, Anderson shared the top ways hackers infiltrate company computer systems:
- Business email compromise. This entails email spoofing where hackers pose as trusted email senders asking recipients to click on links that will allow hackers access to data.
- Domain impersonation. Hackers can purchase domain names similar to your company’s domain name. They simply change a letter to fool recipients into trusting emailers.
- Name dropping. Hackers can create an email address appearing to be a CEO’s email address and ask an employee to buy and mail gift cards to a given address. (This, in fact, happened at NRCA, and I thought NRCA CEO Reid Ribble wanted me to buy several $100 Amazon gift cards. The email looked surprisingly legitimate.)
- Unauthorized access. Another way hackers can gain access is to use a compromised legitimate mailbox to send email.
- Password guessing. Weak passwords that don’t contain a combination of uppercase and lowercase letters, numerals and symbols can fall prey to hackers guessing passwords correctly and entering a system.
To protect yourself against hackers, Anderson recommended these protective measures:
- Enable multifactor authentication on as many accounts as possible.
- Harden your email spam filter.
- Create a strong password policy with long passwords.
- Train employees to look for suspicious emails.
- Keep backups that are isolated from your network.
- Consider cyber insurance.
- Evaluate security controls of third parties.
Better to be safe than sorry!
AMBIKA PUNIANI REID is editor of Professional Roofing and NRCA’s vice president of communications.