How architecture firms can protect themselves from ransomware
- 6th May 2020
- Posted by: Mark Dodds
- Category: AEC, Business, Technology
According to an article in the Architects’ Journal, one in six practices are already being targeted by cyber criminals. And with more companies in the construction industry now working from home due to the Covid-19 pandemic, the threat of a hacking attack is greater than ever before.
A March report in the Architectural Record said that since home working became the norm, architects were seeing at least twice the number of attacks.
Zaha Hadid Architects (ZHA) ransomware attack
One company that has been under fire is London firm Zaha Hadid Architects, who reported the issue to the police on April 21 2020. Ransomware had been used to encrypt all data, with hackers threatening to block access or publish it online unless a ransom was paid. Staff were completely locked out of the system for a short period of time, leaving them unable to do their jobs. It’s not fully known what data was stolen, but the attackers released a tweet with a screenshot of stolen information which included payroll records, financial and project data, client information and employee details.
As well as the obvious disruption to work and concern for data security, this also presented a major issue in terms of the GDPR. Zaha Hadid were required to report the breach to the Information Commissioner’s Office (ICO).
How you can protect your company
In the rush for everyone to work from home to avoid the spread of Covid-19, cybercrime has become more prevalent. People are unfortunately the weakest link, and having staff scattered around working from home means an increased likelihood of a bad actor tricking them.
Firms in the construction industry may be targets at the moment, but there’s plenty you can do to keep your data safe. Here are our tips:
- Ensure all files are fully backed up in the Cloud and regularly tested for recoverability (backing up files is pointless if you don’t know you can get them back!)
- Educate your staff in how to recognise common threats like phishing scams. User education is crucial in the fight against cybercrime, but it is usually one of the least used lines of defence
- Keep all software up to date to ensure there are no vulnerabilities that hackers can easily exploit
- Invest in business-grade antivirus software – not all AV software is created equal, so it’s important to have the right one that’s robust enough to protect your company’s data
- Enable multi-factor authentication instead of just relying on passwords
- Secure your infrastructure with an appropriate firewall that automatically blocks malicious websites
- Regularly review user permissions and ensure that when someone leaves the company, their access is instantly blocked. If an account has already been successfully targeted you’ll also need to ensure that their system access is changed
- Remove any software you no longer use. This will reduce the attack surface on your device: the less software you have, the fewer vulnerabilities there are
- Get advanced email protection to block malicious emails and remove bad attachments
- Develop an incident response plan, so if anything does go wrong you can learn from it
Who’ll be compromised next?
Although serious, the Zaha Hadid attack wasn’t as devastating as it could have been, only because the stolen data had already been backed up and regularly tested. That said, a backup is only as good as its integrity.
- What if their backup wasn’t up to date? How much work, or how many projects, would they have lost?
- What if they weren’t regularly testing their backups and when they attempted to recover, were unable to?
Cyber-attacks, mainly in the form of phishing attacks, are becoming increasingly common in the Architecture, Engineering and Construction (AEC) industry, especially in the current situation with many people working from home, but that doesn’t mean they’re inevitable.
How we can help
When your team work from home, you’re widening your exposure to potential threats, and cracks can quickly appear in your business’s protection.
We’ve helped our clients in the architecture, engineering and construction industries successfully transition to working from home in a secure way with the right blend that suits their business. One that protects them well without interrupting how their staff do things.
The team at Compex IT can help you keep your data safe during lockdown and beyond. Just get in touch today.