Home > Archive > September 2021 Issue >

Safeguard your company

Hackers easily can breach computer systems unless you take proper protective steps

by Ambika Puniani Reid

During the past several months, hacking of computer systems has caused widespread mayhem across a myriad of industries. Roofing companies are not immune, and you should safeguard your systems to avoid disruptions, which can be catastrophic.

According to constructiondive.com, during the past three years, cloud-based email breaches cost U.S. businesses more than $2 billion. David Anderson, principal cybersecurity consultant at Minneapolis-based CliftonLarsonAllen, told constructiondive.com about 80% of data breaches involve password compromises and an increase in remote work during the COVID-19 pandemic increased opportunities for breaches.

In addition to password compromises, Anderson shared the top ways hackers infiltrate company computer systems:

  • Business email compromise. This entails email spoofing where hackers pose as trusted email senders asking recipients to click on links that will allow hackers access to data.
  • Domain impersonation. Hackers can purchase domain names similar to your company’s domain name. They simply change a letter to fool recipients into trusting emailers.
  • Name dropping. Hackers can create an email address appearing to be a CEO’s email address and ask an employee to buy and mail gift cards to a given address. (This, in fact, happened at NRCA, and I thought NRCA CEO Reid Ribble wanted me to buy several $100 Amazon gift cards. The email looked surprisingly legitimate.)
  • Unauthorized access. Another way hackers can gain access is to use a compromised legitimate mailbox to send email.
  • Password guessing. Weak passwords that don’t contain a combination of uppercase and lowercase letters, numerals and symbols can fall prey to hackers guessing passwords correctly and entering a system.

To protect yourself against hackers, Anderson recommended these protective measures:

  • Enable multifactor authentication on as many accounts as possible.
  • Harden your email spam filter.
  • Create a strong password policy with long passwords.
  • Train employees to look for suspicious emails.
  • Keep backups that are isolated from your network.
  • Consider cyber insurance.
  • Evaluate security controls of third parties.

Better to be safe than sorry!

AMBIKA PUNIANI REID is editor of Professional Roofing and NRCA’s vice president of communications.

COMMENTS

Be the first to comment. Please log in to leave a comment.