Let’s be real: August should be about new school supplies, family barbecues, and squeezing in that last bit of summer sun—not cyber threats. But here’s the reality most of us live with: While you and your team are coming back from vacations, the bad actors out there are just getting warmed up.
Studies from industry leaders like ProofPoint and Check Point are showing a sharp uptick in phishing attempts every summer—especially right now, when construction projects are in full swing and inboxes are overflowing.
What’s Driving This Summer Surge?
It’s simple. Cybercriminals know we’re distracted. Maybe you’re reviewing a bid packet on your phone at a hotel lobby, or a project manager is checking site photos while booking a last-minute Airbnb for Labor Day weekend. Attackers have gotten smart—they impersonate travel sites, flood inboxes with “urgent” university emails (think: kids or colleagues heading back to school), and slip into the gaps created by people multitasking on the job.
Check Point Research found a 55% spike in new travel-related website domains this summer alone. That’s tens of thousands of “vacation” sites—one in every 21 flagged as suspicious or outright malicious. It just takes one click from someone on your team, even on their personal email while using a company laptop, to open the door to a data breach.
Why This Matters for Construction IT
If you’re like me, you carry a lot of responsibility—keeping legacy systems running, protecting sensitive blueprints, and ensuring your field teams stay connected and secure. One wrong click can compromise not just IT, but everything from project schedules to contract negotiations.
Here’s what I’ve learned, after years of walking job sites and sitting in IT war rooms: Your first line of defense isn’t just your firewall or endpoint security. It’s your people.
Five Ways to Outsmart Phishing This August (And Beyond)
- Train Like It’s a Safety Drill:
Make phishing awareness as regular as your safety talks. Remind your team that phishing emails today don’t look sloppy—they’re polished, AI-written, and often tailored to your industry. - Double-Check Everything:
Before clicking, always hover over email links. Watch for weird domain endings like .info or .today. If something feels off, it probably is. - Keep Personal and Work Accounts Separate:
I get it—the temptation to check your personal Gmail from a work device is real, especially on the road. But this is where attackers love to strike. Draw a clear line: work on work devices, personal on personal. - Lean on Multifactor Authentication (MFA):
MFA isn’t a luxury anymore; it’s your insurance policy. Even if someone grabs a password, MFA can stop them cold. - Ask for Help:
This isn’t just a tech problem, it’s a people problem. Make sure your MSP is actively monitoring endpoints, rolling out updates, and offering real-time support. Ask about advanced endpoint detection and response tools (EDR) that fit the unique needs of construction sites.
Let’s Be Honest: The Stakes Feel Heavy
If you’ve ever felt the pressure to do more with less, or worried, you’ll miss something in the crush of August emails—you’re not alone. There’s no shame in feeling that weight. The great news? You’re already leading by caring enough to read this, and by being willing to train, empower, and protect your team.
If you want a gut check on your current defenses—or just need a sounding board—reach out. I’m always here for a coffee, a conversation, or a quick “is this email legit?” sanity check.
Start This Season Secure
August is busy enough. Let’s keep your projects moving and your data protected. Book your FREE Cybersecurity Assessment with a local MSP who understands the pressures you face, and the stakes involved in every single project.
We’re in this together. Here’s to a safer, smarter season ahead.
—
Preston Borchelt
Turning tech talk into real-world relief for construction firms
