Hackers Are Targeting Small Construction Companies And Other Invoice-Heavy Businesses P. 1
The Business Owner’s Guide To IT Support Services And Fees P. 2
Donald Miller Explains How To Talk About Your Business So Customers Will Listen P. 3
This monthly publication is provided courtesy of Dewayne Chappell, President of Divergys. OUR MISSION:
HACKERS ARE TARGETING SMALL CONSTRUCTION COMPANIES AND OTHER INVOICE-HEAVY BUSINESSES “As a business owner, you don’t have time to waste on technical and operational issues. That’s where we shine! Call us and put an end to your IT problems finally and forever!”Dewayne Chappell
From2023to2024,attackson constructioncompaniesdoubled,making up6%ofKroll’stotalincidentresponse cases,accordingtothe2024CyberThreat Landscapereportfromrisk-advisoryfirm Kroll.ExpertsatKrollnotethattheuptick couldbedrivenbyhowworkiscarried outintheindustry:employeesworkwith numerousvendors,workremotelyvia mobiledevicesandoperateinhighpressureenvironmentswhereurgencycan sometimestrumpsecurityprotocols.Allof thesefactorsmaketheconstruction industryripeforacyber-attack.
Ripe For Hackers Businesse-mailcompromise(BEC)–fake e-mailsdesignedtotrickemployeesinto givingawaymoneyorsensitive information–madeup76%ofattackson constructioncompanies,accordingto
Kroll.Thesee-mailslooklikedocumentsigningplatformsorinvoicestosocially engineerusersintogivingaway information.
These tactics are having a higher success rate in smaller construction companies for a few reasons:
They deal with a lot of suppliers and vendors. Construction companiesworkwithmanysuppliers andvendors,andeachvendorcanbe aweakspotthathackerscanexploit. Forexample,ifahackergetscontrol ofavendor’se-mail,theycansend fakeinvoicesthatlookreal,tricking businessesintosendingmoneytothe hacker’saccountinstead.Multiplythat bythenumberofvendorsyouwork
with,andthat’salotofpotentialentry pointsforahacker.
They use frequent mobile sign-ins. As trulyremoteworkers,construction employeesrelyonmobiledevicestosign intoaccountsandcommunicatefrom anywhere.Thismobileaccessibility,while convenient,alsoincreasestheriskbecause mobiledevicesaretypicallylesssecurethan desktopsorlaptops.
Theyworkinahigh-stakes,high-pressure environment.Inindustrieswheredelays canbecostly,suchasconstructionorhealth care,employeesmayrushtoprocess invoicesorapprovetransactionswithout thoroughlyverifyingtheirlegitimacy.This urgencyispreciselywhatattackerscount ontogetaroundstandardsecuritychecks.
Your Industry Could Be Next Constructioncompaniesarenottheonlyones experiencingmoreattacks.Small manufacturingcompanies,highereducation institutionsandhealthcareprovidersthatlack therobustsecurityinfrastructureoflarger industryplayersarealsoexamplesofindustries seeingariseincyber-attacks.Theseindustries, likeconstruction,dealwithnumerousvendors
andurgentinvoices,makingthemprime targetsforbusinesse-mailcompromiseand invoicefraud.
HowToProtectAgainstBECAnd InvoiceFraud 1.UseMultifactorAuthentication(MFA) AccountsthatuseMFAare99%lesslikelytobe attacked,accordingtotheCybersecurityand InfrastructureSecurityAgencyMFArequires multipleformsofverificationbeforegranting accesstosensitiveinformation.Evenifhackers obtainlog-indetails,theycan’taccessaccounts withoutthesecondcredential,typicallya mobiledeviceorabiometricscan.
2.AlwaysVerifySupplierInformation Oneofthesimplestyetmosteffectivemeasures istoverifytheauthenticityofinvoicesand supplierinformation.Establishaprotocolwhere employeesarerequiredtodouble-checkthe detailsofanyfinancialtransactionsdirectlywith thesupplierthroughaknownandtrusted communicationchannel,suchasaphonecall.
3.KeepEmployeesTrainedOn CommonAttacks Employeetrainingisavitalcomponentofa comprehensivecybersecuritystrategy.Regular trainingsessionsonrecognizingsocial engineeringandphishingattemptsand understandingtheimportanceoffollowing
FREE REPORT DOWNLOAD: You’lllearn:
ThethreemostcommonwaysITcompanieschargefor theirservicesandtheprosandconsofeachapproach AcommonbillingmodelthatputsALLTHERISKon you,thecustomer,whenbuyingITservices;you’lllearn whatitisandwhyyouneedtoavoidagreeingtoit Exclusions,hiddenfeesandother“gotcha”clausesIT companiesputintheircontractsthatyouDON’Twantto agreeto
Howtomakesureyouknowexactlywhatyou’regetting toavoiddisappointment,frustrationandaddedcostslater onthatyoudidn’tanticipate
verificationprotocolscanempoweremployees toactasthefirstlineofdefense.The InformationSystemsAuditandControl Associationrecommendscybersecurity awarenesstrainingeveryfourtosixmonths. Aftersixmonths,employeesstarttoforget whattheyhavelearned.
4. Maintain Strong Cyber Security Practices Cybercriminalsregularlyexploitoutdated softwaretogainentryintosystems.Small businessescanclosethesesecuritygapsby keepingsoftwareup-to-date.Investingin robustantivirusandanti-malwaresolutions canhelpdetectandstopattacksbeforethey getintoyoursystems.
You’re A Target, But You Don’t Need To Be A Victim Hackersareincreasinglytargetingsmall, invoice-heavyindustrieslikeconstruction, manufacturingandhealthcareduetotheir inherentvulnerabilities.Byunderstandingthe reasonsbehindtheseattacksand implementingrobustcybersecuritymeasures, smallbusinessleaderscanprotecttheir organizationsfrombecomingeasytargets. UtilizingMFA,maintainingstrongcyber securitypractices,verifyingsupplier informationandtrainingemployeesare essentialtostoppingattacks.
It’sreally,reallyhardtograbpeople’sattention today.Customersarebusyandinundatedwith choices,makingithardforbusinessestostand outDonaldMillerempathizesHeknewpeople lovedhisbookBuildingAStoryBrand–afterall, hesoldmillionsofcopiesButwhenMiller decidedtotourandfill700theaterseatsfora speakingengagement,halfremainedempty“I learnedthatI’mgoodatwritingthe300pages butnotverygoodatwritingthesentencethat makesyouwanttoreadthe300pagesIt’stwo differentskillsets,”Millerexplainedtobusiness leadersatarecentindustryconference.
Doyouknowhowtocommunicatethevalueof yourproductsorservicessocustomersbuyagain andagain?Mostofusdon’tThat’sbecausewe prioritizecreativityandclevernessoverclarity Millerarguesthatnodollarspentonbranding, colorpalettes,logosorwebsiteredesignswill helpifyouaren’tclearaboutyourmessage. Why?Becausehumanbrainsarehardwiredfor twothings:
whodothesamethingforaliving.Youask personA,“Whatdoyoudo?”Theysay,“I’m anat-homechef.”So,youaskquestionsabout wheretheywenttoschool,theirfavorite recipes,etc.Then,youmeetpersonBandask thesamething.Theyrespond,“Youknowhow mostfamiliesdon’teattogetheranymore?And whentheydo,theydon’teathealthy?I’man at-homechef.”
Whodoesmorebusiness?PersonB,becausethey toldastoryabouthowtheysolvedaproblem. Humanslovestories;it’swhywebinge-watch goodtelevision.Goodstorieshavethesamecore structure,andMillerexplainshowyoucanuseit totellthestoryofwhyyourbusinessistheone customersshouldchoose.
Identifyyourhero’s(customer’s)problemand talkaboutitalot.Whensomeoneasks,“What doyoudo?”don’ttellthem.Startbydescribing theproblem.Spend75%ofyourtimetalking aboutyourcustomer’sproblembecausethat triggersthepurchase.
Wedon’thavetimeorenergytoprocess unnecessaryinformation;weonlybuywhat helpsusgetahead“Ifyouconfusepeopleabout howyoucanhelpthemsurvive,you’lllose,” Millersays
Tell A Story “Thefirstthingwehavetounderstandisthat peoplebuyproductsonlyafterreadingwordsor hearingwordsthatmakethemwanttobotherto buythoseproducts,”Millerexplains
Let’ssayyoumeettwopeopleatacocktailparty
Introducethemtotheguide(you).Thekeyto beingaguideistolisten:“I’msorryyou’regoing throughthat.Itsoundsverystressful.”Then,be competent:“Ifeelyourpain,andIknowhowto getyououtofthishole.”
Givethemaplan.Thisisanactivecalltoaction, like“Buynow”or“Scheduleacall.”Youmust challengetheherototaketheactionthatleads tosuccess.
Remember,thestoryyou’retellingisnotabout you.It’saboutyourcustomer,thehero.Once youhaveyourmessage,distillitintoshort, simpleandrepeatablesoundbites.“Itworks everysingletime,”Millersays,“becausethe humanbraincannotignoreastory.”
Pocket Projector Takemovienighttoyourbackyard, park,campsiteorwherever adventuretakesyou TheELEPHAS 2024MiniProjectoroffers impressivefeaturesinacompact, smartphone-sizeddeviceatan affordableprice Theprojectorhas 1080pHDresolutionforclearand detailedimages,usesaheat dissipationsystemtoreducefan noiseandhasabuilt-inhi-fi speakerthatoffersexcellentsound qualitywithoutexternalspeakers It alsoincludesUSB,HDMIandAV portsandiscompatiblewith laptops,PCs,TVboxesand smartphones.Youcaneven connectitdirectlytoyourAmazon FireStickorRokuStreamingStick Withacarrybagandminitripod, theELEPHASMiniProjectoris high-quality,portableviewingso youcantakefamilymovienight anywhere.
SHINY NEW GADGET OF THE MONTH
VPNS ARE NOT AN INVISIBILITY CLOAK (Don’t Use Them Like One) BROAD BAND TECH TIP Cybercriminals are targeting online sellers with advanced chatbots and payment scams. Be cautious when interacting with chatbots, even if the representative is a real person and not an automated bot. In addition, never provide your banking details over live chat.
Avirtualprivatenetwork(VPN)isessentialfor modernofficeworktocreateasecure,encrypted connectionbetweenyourdeviceandaremote server,allowingyoutoworkfromanywherewhile protectingsensitivedata.VPNsarealsogaining popularityforpersonalbrowsingbyrouting Internettrafficthrougharemoteservertomask yourIPaddress.It’slikeagatedtunnelonlyyou canenter,whichishandyforaccessingregionrestrictedstreamingservicesorcontentand protectingdatawhenusingpublicWiFi.
However,somepeopleconfuseVPNswithan invisibilitycloak,believingthatanythingtheydo onlinewhileusingaVPNishidden.Thatisnot thecase.SomeVPNserviceslogyourdata(which canbeleaked,hackedorsold),andthereareother wayscybercriminalscantrackyouonline. UnderstandwhatVPNsdoanddon’tdosoyou aren’tputtingyourselfatunnecessaryrisk.
What VPNs Do (And Don’t Do) VPNsareexcellentforenhancingprivacyand security. They DO:
HideyourIPaddress,makingitharder forwebsitesandadvertiserstotrackyour onlineactivities.
EncryptyourInternettraffic, safeguardingsensitiveinformationlike passwordsandbusinesscommunications.
By Claire L Evans
In tech, there are stories we hear all too often: a major company got hacked, Meta dealing with yet another lawsuit or Google implementing some new security measure However, there’s one story we don’t hear enough: pioneering women in tech Much like Hidden Figures and Rise of the Rocket Girls, Broad Band by Claire L. Evans uncovers the pivotal yet overlooked contributions of female pioneers who shaped the Internet
Evans vividly narrates the achievements of visionaries like Grace Hopper and Elizabeth “Jake” Feinler, showcasing their revolutionary work in computing and online networks. Evans sheds light on these hidden figures, inspiring a new generation to recognize and celebrate the women behind technological advancements Broad Band is an essential, enlightening read that helps redefine the true history of technology
Allowaccesstogeo-restricted content,whichcanbebeneficialfor businessresearchoraccessing region-specificservices.
Despitetheseadvantages,VPNshavelimitations. They DON’T:
Makeyoucompletelyanonymous. WhileyourIPaddressishidden, websitescanstilltrackyouusingcookies andothertrackingmethods.
Protectyoufrommalwareorphishing attacks.AVPNcannotfiltermalicious content,soyoustillneedrobustantivirus softwareandcybersecuritypractices.
Preventalldatalogging.SomeVPN providersmaylogyourdata,sochoose onewithastrictno-logspolicy.
Warning: Avoid Free VPNs! FreeVPNsaredangerous.Manyfreeserviceslog yourdataandsellit,underminingtheveryprivacy you’retryingtoprotect.FreeVPNsmayalsohave weakerencryptionstandards,exposingyoutomore risks.AlwaysoptforreputableVPNproviderswith clearprivacypoliciesandtransparencyabouthow theyuseyourinformation.
How To Use A VPN Responsibly Choose A Reputable Provider: LookforVPN serviceswithstrongprivacypolicies,good reviewsandtransparencyabouttheirdatahandlingpractices.
Enable Kill Switch: Thisfeatureensuresyour InternetconnectionisseverediftheVPN connectiondrops,soyourdatawon’tbeleaked.
Update Regularly: KeepyourVPNsoftware updatedtobenefitfromthelatestsecurity improvements.
Combine With Other Security Steps: To maximizeprotection,useaVPNwithantivirus software,firewallsandgoodcybersecurity hygiene.
UnderstandingVPNcapabilitiesandlimitations ensuresyouusethemeffectivelyandresponsibly, protectingyourdatawithoutrelyingonafalsesense ofinvisibility.
DON’T FORGET TO CHANGE NEW-HIRE PASSWORDS Tokeepthingssimple,employersoftencreate easy,temporarypasswordsfornewhirestologin toaccountsordevicesduringtheirfirstfewdays. However,aSpecopsanalysisofmillionsof passwordsfoundthat120,000usedcommonwords relatedtonewemployees,meaningthenew-hire passwordswereneverchanged.Hackersknowthis andusethesesimplepasswordstructuresinbrute forceattacks.Themostcommonlycompromised
passwordsonnewaccounts areuser,temp,welcome, change,guest,starter, logonandonboard.Look
familiar?Preventthismistake byforcingchangeatlog-in(ifpossible),using aservicelikeFirstDayPasswordoran authenticatorappormakinganew-hirepassword REALLYhard.
