It’s Mid-February. Cybercriminals Haven’t Quit Their Resolutions

By now, the gym is quieter.

The big “New Year, New Me” energy has settled down.
Budgets are real again. Schedules are tightening. Field crews are fully back in motion.

But here’s something most construction leadership teams don’t think about in February:

Cybercriminals didn’t fall off their resolutions.

They don’t get busy closing projects.
They don’t get distracted by board meetings.
They don’t push security to Q2.

They refine what worked last year and double down.

And construction firms are high on their list.

Not because you’re careless.
Because you’re moving fast.

Let’s look at what that means right now.

Resolution #1: “Make Phishing Look Normal”

The obvious scam emails are mostly gone.

Today’s phishing emails:

  • Sound like your vendors
  • Reference real projects
  • Use your company’s tone
  • Arrive at perfectly inconvenient times

And mid-February is prime time.

Accounting is deep into vendor reconciliations.
Projects are accelerating.
New hires are settling in.
Tax documents are circulating.

Here’s what a real-world phishing email looks like now:

“Hi Alex — I re-sent the updated invoice for Project 1422. Can you confirm accounting has the correct remittance details? Let me know if you need anything else.”

No typos.
No urgency.
Just normal.

That’s what makes it dangerous.

What Leadership Should Be Asking:

  • Do we require phone verification for banking changes?
  • Is MFA enforced on email and finance systems?
  • Would our AP team feel comfortable questioning a “routine” request?

If the answer to any of those is “probably,” that’s a risk.

Resolution #2: “Impersonate Someone They Trust”

Vendor impersonation and executive impersonation attacks are rising, especially in construction.

Why?

Because your teams move money frequently.

Change orders. Progress payments. Retainers. Vendor deposits.

All it takes is one fake “banking update” and one rushed approval.

And it’s not just email anymore.

Voice cloning is real. If your CEO has spoken publicly, appeared on a podcast, or left detailed voicemail greetings, attackers can create a convincing audio impersonation.

It sounds dramatic, but it’s happening every week.

The Counter-Move:

  • A written callback policy for any banking changes
  • A strict “no voice-only approval” rule for transfers
  • MFA everywhere — not just “most places”

These aren’t enterprise luxuries. They’re table stakes now.

Resolution #3: “Target the Mid-Market Harder”

A few years ago, attackers focused on Fortune 500 companies.

Now?

Mid-sized construction firms are ideal targets.

You have:

  • Real cash flow
  • Valuable project data
  • Insurance coverage
  • No full-time security team

And here’s the uncomfortable truth:

Most firms still quietly believe,

“We’re probably too small to be worth it.”

You’re not too small.

You’re just too small to make national news.

That belief is exactly what attackers count on.

Resolution #4: “Exploit Tax Season and New Employees”

We’re right in the window now.

W-2 requests. Payroll updates. “Urgent” tax document emails.
New hires still learning internal processes.

Attackers love this combination.

A fake HR or CFO email asking for employee W-2 copies can compromise your entire workforce in one click. Social Security numbers, salaries, addresses — all exposed.

Your employees don’t just lose money.

They lose trust.

That’s a leadership issue, not just an IT issue.

February Is When Reality Sets In

January is optimism.

February is execution.

This is the point in the year when leadership either:

  A) Gets proactive
  or
  B) Gets reactive

There is no third option.

You can:

  • Assume backups are working
  • Assume MFA is enabled everywhere
  • Assume someone would catch something suspicious

Or you can verify.

Preventable Beats Recoverable

In construction, you don’t wait for a beam to fall before you install bracing.

Cybersecurity is the same.

Option A:
Wait for the breach.
Call emergency IT.
Notify clients.
Explain to the board.
Pay for recovery.
Hope insurance cooperates.

Option B:
Quietly close the gaps now.
Verify backups.
Enforce MFA.
Train the team.
Create verification policies.
Monitor continuously.

One option is chaotic and expensive.
The other is boring and controlled.

Boring wins.

Let’s Make 2026 the Year You’re Not Surprised

If you’re Alex, you don’t need more responsibility.
If you’re the CFO, you don’t want surprise losses or insurance issues.
If you’re on the leadership team, you want growth without chaos.

That means making sure your firm is not the easy target next door.

Book a 15-Minute February Security Reality Check

We’ll walk through:

  • Email and MFA enforcement
  • Backup verification
  • Finance process vulnerabilities
  • Vendor impersonation exposure
  • Where you’re solid — and where you’re exposed

No scare tactics.
No buzzwords.
Just clarity.

Because while everyone else dropped their New Year’s resolutions…

Cybercriminals didn’t.

Let’s disappoint them!