Builders under attack! Warning from Australian Cyber Security Centre
If you are a builder considering Cyber Insurance, or upgrading your current Builders Insurance policies to include Cyber Insurance, now might be the time to do so.
The Australian Cyber Security Centre (ACSC) has reported a growing trend of cybercriminals attacking building and construction companies and have now labelled this as a MEDIUM alert.
According to the ACSC, there has been a particular increase in Business Email Compromise (BEC) scams, which essentially consist of fraudulent emails sent by cybercriminals posing as legitimate businesses.
For example, X Construction Company may receive a fake email from someone pretending to be their supplier. This fake email may state that their banking details have changed, and for X Construction Company to send new payments to that nominated account. At first glance, this fake email may appear completely legitimate.
The Australian Financial Review has suggested from research that the construction industry, which is one of the least digitised industries, has become victim to more cyber attacks as it catches up to the cyber economy.
Contributing to this is the fact that the construction industry revolves around project-based payments that include parties that have not worked with each other before.
How to mitigate risks of cyber attacks
As well as suggesting businesses be vigilant with emails and invoicing, the ACSC suggests the following mitigation strategies:
- Verify payment-related requests: If you receive a request to make a large transfer or to change bank account details, you should verify that the request is legitimate before actioning it. Call the sender’s established phone number or visit them face-to-face before transferring any funds.
- Secure your email account: It is recommended that construction companies and related businesses use strong passphrases and enable multi-factor authentication on their email accounts.
- Training and awareness: Ensure that your staff are trained to recognise suspicious emails, including fraudulent bank account changes or requests to check or confirm login details. The latter may be a phishing attack which could compromise account security.
We do recommend that our clients and other business owners reading this article take this seriously. As we reported on JBS paying $11.4 million to resolve a cyber attack, the Nine Network being hacked and how Levitas Capital lost $8.7 million from a fake Zoom call, no business, no matter the size or level of security, is immune to these risks.
As no one security system be 100% fool proof, Cyber Insurance is a cost-effective way to provide you with protection against the potentially significant financial impact of cyber attacks. Please don’t hesitate to contact us if you would like to discuss your Cyber Insurance options, or would like a comparative quote against your current insurance premiums.
This article originally appeared on Crucial Insurance Insights and has been published here with permission.
Advisr does not provide advice and does not hold a financial service license (AFSL). All information above has been provided by Tony Venning.