What’s Hiding on That Old Computer Could Cost You - Here’s How to Dispose of Tech Safely
When was the last time you tossed out an old computer, server, or smartphone from your office? Maybe it was collecting dust in the corner. Perhaps...
3 min read
Byron Martin
:
May 21, 2025
If you run a construction company or any small business that deals with many vendors and invoices, you need to know that you’re on the radar of cybercriminals.
In fact, from 2023 to 2024, cyberattacks on construction firms doubled, according to a report by Kroll, a leading risk advisory firm. And this trend isn’t slowing down.
The way construction companies operate makes them especially vulnerable to cyberattacks. Your teams rely on mobile devices, work across job sites, coordinate with dozens of suppliers, and often make quick decisions under pressure. These realities create ideal conditions for hackers to slip through the cracks, particularly through Business Email Compromise (BEC).
BEC attacks made up a staggering 76% of cyber incidents in construction, according to Kroll. These attacks usually involve fake emails that look like legitimate invoices or document requests. One wrong click and you could be wiring money straight to a criminal’s account.
Let’s break down why smaller construction companies, and other similar businesses in the Pacific Northwest, are especially at risk:
1. You Work with a lot of Vendors and Suppliers
Every vendor your business deals with is a potential attack vector. If even one supplier’s email gets hacked, it can be used to send realistic-looking invoices that redirect your payments to the attacker. In construction, where vendor relationships are numerous and fast-moving, these scams are harder to spot.
2. You’re Working Against Tight Deadlines
Whether it’s to avoid project delays or keep subcontractors paid on time, the urgency in construction environments often means invoices are processed quickly, and sometimes without full verification of legitimacy. Hackers rely on that urgency to bypass your usual checks and balances.
3. Your Team Operates on Mobile Devices
Crews and project managers often work remotely and access systems via smartphones or tablets. While mobile access is convenient, these devices tend to have weaker security protections than office desktops or laptops, making them easier to exploit.
If you’re in manufacturing, healthcare, or education, especially as a small or mid-sized organization, the same risks apply. These industries also deal with high volumes of vendor communication and urgent payment requests, which are exactly the kinds of workflows BEC scams and invoice fraud are designed to exploit.
Here’s how to protect your business without needing a massive IT department:
✅ 1. Always Confirm Supplier Details
Train your team to double-check invoice details and supplier info, especially for payment changes. Have a known and trusted contact method (like a phone call to a verified number) to confirm if anything seems off.
✅ 2. Turn On Multi-Factor Authentication (MFA)
According to the Cybersecurity and Infrastructure Security Agency, using MFA makes your accounts 99% less likely to be compromised. Even if hackers obtain log-in details, they can’t access accounts without the second credential, typically a mobile device or a biometric scan.
✅ 3. Don’t Let Your Software Get Stale
Hackers love outdated systems. Keep your software patched and up to date, and make sure you’re running quality antivirus and endpoint detection and response tools. This isn’t optional, it’s essential for defense.
✅ 4. Train Employees on Common Attacks
Employee training is a vital component of a comprehensive cybersecurity strategy. Your team can be your first line of defense if they know what to watch for. Schedule regular cybersecurity awareness training to recognize social engineering and phishing. The Information Systems Audit and Control Association recommends cybersecurity awareness training every four to six months. After six months, employees start to forget what they have learned.
Hackers are increasingly targeting small, invoice-heavy industries like construction, manufacturing, and health care due to their inherent vulnerabilities.
The good news? A few key precautions can go a long way.
By enabling MFA, keeping your software updated, training your team, and verifying every invoice, you can dramatically reduce your risk of falling victim to email scams and invoice fraud.
If you’d like help assessing your cybersecurity gaps or rolling out the right protections for your business, our team at Teknologize is here to support you.
👉 Click Here to Talk to an Expert
Teknologize is a SOC 2 Accredited, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:
Tri-Cities, Washington 509.396.6640
Yakima, Washington 509.396.6640
Bend, Oregon 541.848.6072
Seattle, Washington 206.743.0981
Questions about your IT or Cybersecurity? Give us a call today!
When was the last time you tossed out an old computer, server, or smartphone from your office? Maybe it was collecting dust in the corner. Perhaps...
If your nonprofit relies on Microsoft 365 Business Premium or Office 365 E1 through Microsoft’s grant program, there’s a critical change you need to...
If you run a construction company or any small business that deals with many vendors and invoices, you need to know that you’re on the radar of...