Chances are your company doesn’t have a cybersecurity pro on staff – someone to ensure your employees, business, and customer data stays safe. In fact, if you’re a small- to mid-sized company, security may get lost amid the busyness of simply getting your projects done on time and on budget. But security is an issue that cannot be ignored, and there are plenty of things you can do—and resources at your disposal—to help keep your organization safe. Here, Builders Mutual Cybersecurity Administrator Marty Coolidge, MCS, C|EH, ITIL, Network+, shares some best practices to help you create a security culture.

It’s not just for IT anymore.

With today’s flexible work-from-anywhere environment, people are at the kitchen table, on the couch, or even at a local coffee shop. Obviously, your crews continue to show up on the job-site, powering through the current construction project. But your other staff—HR, accounting, etc.—are probably not “in the office” anymore. Neither is your “IT guy” (or gal), if you have one. Now more than ever, maintaining cybersecurity goes beyond an IT function. It’s a complete business function. Moreover, company leaders need to set the standard for safe IT practices so all employees will follow suit.

In addition to these basic cybersecurity tips provided in a previous article, here are some vital insights to improve your company’s safety.

Gone phishing

Phishing emails use sneaky, deceptive techniques to trick recipients into giving up personally identifiable information, or PII. This includes health information, credit card data, social security information, and account numbers. Cybercriminals are having a field day in this era of COVID-19, as they take advantage of the vast remote workforce. They’re casting a wide net—and they’re pulling in a huge haul. In fact, at Builders Mutual, phishing scams have increased by 20% since the coronavirus pandemic began, with the organization receiving more than 2,000 phishing emails every week.

Don’t take the bait.

  1. Check for an invalid email link by hovering over the link with your mouse—and don’t click on it! If the actual address is different from the one displayed, it’s probably a scam. It’s always recommended to open your browser and type out an address instead of clicking a link within an email.

  2. If the message contains spelling and grammatical errors, it is most likely not being sent on behalf of a legitimate company (or it would at least have been spell-checked). Don’t be afraid to respond to the sender via phone, etc. to verify the legitimacy of the email.

  3. No matter how official a message looks, it’s always a bad sign if you’re asked to provide personal information, including account numbers, passwords, or pins.

  4. When an email claims to be a response to an action you didn’t initiate—like a phone call—it’s suspicious and should be ignored.

  5. Intimidation equals cybercrime. Sometimes the bad guys skip the tricks and go right to threats, so don’t be fooled (or scared) into giving up personal info.

Insider threats

Although there can be malicious intent when it comes to internal cybercrime threats, human error and ignorance are the real culprits. When security is compromised from the inside, it’s typically because an employee has inadvertently opened a suspicious email, downloaded malicious content, or used a weak password that was compromised. Awareness is a vital factor in ensuring minimal human error.

One of the biggest insider risks is WiFi security—or lack thereof. Rule number one: Using public WiFi is never a good idea for work or personal purposes. The ideal is for your company to have a VPN, or virtual private network. A VPN redirects your internet traffic, disguising where your device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider. So, once employees are connected to the VPN, they’re protected from the bad guys accessing private data.

Compliance matters

When a company takes credit card payments, the process must be P CI-compliant , following the Payment Card Industry Data Security Standard. If this is you, it’s imperative to provide a security awareness training course and to create company policies. Every department is affected by cybersecurity directives, so top-down adherence (and enforcement) is essential. For employee training, Builders Mutual uses this great resource, and it could help your company stay prepared and proactive.

You are a target.

Everyone who accesses the internet is hackable. We all have information that the criminals want, so don’t believe it could never happen to you or your company. Each one of us can do our part to create a culture of security—every business owner, manager, and employee at every level. From creating longer passwords and changing them often to using multifactor authentication when given the option, every small choice impacts company security in a big way.


Check out these additional resources for the latest news, threats, and cybersecurity awareness:

Though these tips will assist in increasing the awareness of some cyberattack methods and showing the importance of maintaining proper security of data, they are not a complete guide to being completely secure. Always contact your local IT professionals regarding any efforts associated with creating a secure architecture for your network.