Featured Stories

Filter By Categories
November 05, 2019

How to Assess Your Technology and Compliance Risks to Protect Against Cyber Attacks

cybersercyrutAs companies have layered firewall upon firewall and set up intrusion detection infrastructure, the effort to attack a company’s private data has become labor intensive and increasingly fruitless. Like any good criminal, hackers look to find a new way to battle past the virtual barbed wire businesses have built around their most precious resources.

Coupled with the rampant rise in popularity of social media, wherein it became totally commonplace to hear from strangers posing as friends, cyber criminals have turned to a – so far – super effective way to steal valuable company data, using a trusted source- your employees.

A Simple Attack from a Trusted Source

Kevin Ricci, principal of Citrin Cooperman, notes that the level of sophistication used by cyber criminals in email (“phishing”), text (“smishing”), or voice (“vishing”) attacks used are fooling people left and right. The stakes are high, as the cyber-attacks are no longer simply trying to steal a bank account number: fraudulent wire transfers, debilitating ransomware infections, and theft of highly sensitive personal data are all desired outcomes for this next-generation of cyber theft.

Perhaps the most disconcerting aspect of this new wave of attacks is just how successful the cyber criminals are, all without having to penetrate a fortress of virtual security. From family members to fellow employees, a well-executed social engineering attack can cause victims to do all the heavy lifting for the attackers by simply pretending to be a known and trusted contact.

Your Employees are Your Best Defense

With this disconcerting context in mind, the next question becomes: how can you possibly ensure all your employees are vigilant enough to avoid being conned in a social engineering attack? The simple answer is cybersecurity awareness training.

Now, unlike a firewall that stands guard 24/7, social engineering attacks count on the fact that not every employee is going to be able to spot a con artist before it’s too late. However, by having an informed workforce that understands what an attack looks like and the ramifications of not being vigilant, contractors can institute the strongest defense possible.

Social engineering attacks are not going to simply fade away; instead, they are going to become increasingly sophisticated. Here are some facts that provide a strong case for companies to make sure they are prepared for attacks of ransomware, phishing schemes, data breaches and smart phone app attacks:

  • 5 billion records were lost, stolen or exposed in 2017
  • 66% of malware was installed through malicious email attachments
  • The average time it takes a company to detect a breach is 191 days
  • 69% of consumers would be less inclined to do business with a company that experienced a breach

Test Your Cybersecurity Program and Find Your Weak Links

Citrin Cooperman, a leader in helping construction companies with security, compliance and operations, has established The SCORE Report ™, a high-level cybersecurity risk assessment of your business’ technology and compliance environment.  The SCORE Report ™ gives you a graphic view of your company’s most significant risks by asking 10 questions. 

Assess your risk now by downloading and completing the The SCORE Report ™.


Contact Kevin Ricci of Citrin Cooperman to learn more.

Looking for a Sage construction software solution? Contact United Solutions for a free consultation.



Subscribe to Receive Our eNewsletter