45691404_MIs data security, online privacy and identity theft a top concern? If it’s not, it should be. More than ever, hackers are using sophisticated efforts to steal information from companies and to commit identity theft and fraud. And while all industries are at risk, the construction industry is becoming a greater target. In one survey, 2-3 out of every 10 contractors last year said that they discovered that their computer system had been hacked, infiltrated by a virus or otherwise compromised.

Hackers are using data breaches to steal valuable information — such as email accounts, names, birth dates and phone numbers — then use that information to conduct phishing scams to gain access to your personal accounts. The best way to avoid being taken in is for organizations to set good security procedures and policies in place, and for everyone to learn how to spot a phishing scam.

Here’s the latest that you need to know in order to avoid getting hooked by hackers phishing for your information:

1) Know your weaknesses. You need to stay up-to-date on the latest tech security news to know if you’re vulnerable. For example, if you’re using a version of Microsoft IE you need to know about a reported vulnerability that opens the door to phishing attacks. Watch out for news about malvertising attacks and ransomware scams. You also need to pay close attention if you’re part of a larger attack, such as the memorable Equifax breach.

2) Know how to spot a phishing scam. You might be surprised. A phishing scam can come in the form of an email, link, or even a telephone call. Cybercriminals will use whatever means they can to install malicious software or access your accounts to steal your personal information. Watch for suspect emails with bad links (and don’t click them!), phony security alerts, fake websites and out-of-the-blue phone calls where someone says that they can help you solve a computer, account or software issue.

3) Know what’s going into your spam and trash folders. If hackers do start trying to access your accounts, one of the first things that can happen is that they’ll reset your passwords to critical accounts (banking, or others) and set a filter so that any email notifications about the changes bypass your inbox. Always watch your email account for unusual activity, and if you see anything strange – such as trash or spam folders emptying themselves — change your password immediately. (In this case, you’ll also want to check your banking and other critical accounts.)

4) Know how to manage your passwords. Activate two-factor authentication whenever possible. And use strong passwords — a different one for each account. You can set up a password manager to help you remember all of them, since strong passwords are much more difficult to remember.