Snell: Technology evolves so fast. You have to not only stay ahead of the competition, but stay ahead of threat actors. If anything, this was a sobering experience of understanding the threats, which are growing more severe by the day.
In addition to moving to the cloud, create a written disaster recovery plan and regularly review and test it. We conduct an annual in-depth review of our plan and run monthly and quarterly reviews and DR tests where we simulate all of our servers going down and restoring the backups.
Education is also key. Everyone in your company should be aware of the importance of data security and be on the lookout for threats when they open every email, visit every website and perform any action on their computing devices. Host training sessions and show employees exactly what they should look for to prevent an attack.
All high-security logins should require employees to verify their identities in more than one way with multi-factor authentication. Employees should use an entire phrase when creating a password and include spaces between a minimum of four words. Adding in characters, numbers and case-sensitive words will make it even more complicated and thus harder to crack.
Looking back at why we were targeted, it makes perfect sense that a construction company may not have the best security protocols in place but today, we do.