Construction Companies
Cybersecurity for Construction Companies
Construction companies face unique cyber risks: large wire transfers for projects, distributed workforces across job sites, and complex vendor relationships. Invoice fraud and business email compromise hit the construction industry hard. Here's how to protect your company from digital threats.
Top Threats
- • Invoice fraud and payment redirection schemes
- • Business email compromise targeting project payments
- • Ransomware locking project management and CAD systems
- • Vendor and subcontractor email compromise
- • Mobile device theft with access to company systems
How Attacks Happen
- • Fake invoice emails from spoofed vendor addresses
- • Compromised subcontractor email accounts
- • Phishing targeting accounting and project managers
- • Malware in fake permit applications or bid documents
- • Unsecured job site networks and devices
Compliance Requirements
- • Contract security requirements from general contractors
- • State breach notification laws
- • Insurance requirements for cyber coverage
- • Government contract security requirements (where applicable)
Is your business exposed?
Security Checklist
- 1.
Verify ALL payment requests by phone using known numbers
- 2.
Require dual authorization for all wire transfers over $10K
- 3.
Enable MFA on email and project management systems
- 4.
Train accounting staff on invoice fraud tactics
- 5.
Use secure file sharing for project documents
Procore or PlanGrid
- 6.
Secure mobile devices used in the field
- 7.
Vet subcontractor security before sharing system access
- 8.
Back up project files and CAD drawings regularly
Related Industries
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required