Cybercriminals are targeting engineering firms in Salt Lake City
Cybercriminals have changed tactics. And if you run a civil, structural, or mechanical engineering firm in Salt Lake City, you need to know: the front door isn't being kicked down anymore—they're walking in with your credentials.
It's called an identity-based attack, and it's now the #1 way hackers compromise professional networks. Instead of brute-force tactics, they steal or trick someone into handing over login credentials—and once they’re in, your CAD files, Civil 3D plans, and critical documentation are wide open.
In 2024, over 67% of major security breaches stemmed from stolen logins. Major players like MGM and Caesars took hits. If it can happen to them, it can absolutely happen to a 30-person engineering firm in Millcreek or a fast-scaling outfit in Draper.
How Are Hackers Getting In?
These attackers don’t need to understand AutoCAD or Procore to wreck your week. All they need is a single compromised login to wreak havoc.
Here’s how they’re doing it:
- Phishing emails and fake login portals that look like your Deltek dashboard or Microsoft 365 login
- SIM swapping, so they intercept your 2FA codes and access your cloud storage
- MFA fatigue attacks that spam your phone until someone clicks "Approve" by accident
- Exploiting third parties, like outsourced surveyors, call centers, or even your current IT provider, who may have weak link security
These aren’t just theoretical risks. When project files disappear or your Revit environment goes down, you’re not just losing hours—you’re putting bids, compliance, and your reputation on the line.
How To Protect Your Engineering Firm in Salt Lake City
You don’t need to be a cybersecurity specialist to protect your operation. You just need the right playbook, built for your industry.
Use Engineering-Safe Multifactor Authentication (MFA)
MFA isn’t just for corporate types. Use app-based MFA or physical security keys instead of text-message codes. MFA fatigue attacks are on the rise, and physical tokens or apps like Duo or Microsoft Authenticator drastically reduce risk.
Train the Team on Real-World Engineering Scams
Your junior engineer shouldn’t fall for a fake Revit license renewal email. And your project manager shouldn’t approve a fake wire transfer because it "came from accounting."
Set up quarterly phishing simulations and basic cybersecurity training—tailored to engineering use cases. This isn’t fluff; it’s frontline defense.
Segment Access Across Teams
A site inspector doesn’t need access to client billing. A drafter doesn’t need vendor contracts. Apply role-based access controls so a single compromised login doesn’t lead to a full network breach.
Eliminate Password Risks Altogether
Encourage password managers across the org or go passwordless with biometric logins and smart cards. CAD environments, project folders, and cloud-based BIM tools can all support these new methods.
The Bottom Line
Salt Lake City engineering firms aren’t being targeted because they’re big. They’re being targeted because they’re connected.
If you're using cloud collaboration tools like Bluebeam, managing contractors through Procore, or syncing terabytes of Civil 3D data across remote teams—you’re on a hacker’s radar. And unfortunately, most firms don’t realize they’re vulnerable until it’s too late.
You shouldn’t have to guess if your network is secure. That’s what we’re here for.
At Qual IT, we specialize in proactive IT services for engineering firms in the Salt Lake Valley. We speak BIM, we understand plotter problems, and we know that uptime isn’t optional when the clock is ticking.
Want to know if your Salt Lake City firm is vulnerable?
