Building a Better Defense - Cybersecurity and the Construction Industry

This month is cybersecurity awareness month. When we think of cybersecurity and the businesses that have a need to focus on it, there are a few that come to top of mind such as the government sector, innovative tech companies, and even the world of healthcare. Despite the fact that these are the ones that comes to mind, the reality is that every single industry and company needs to be sure to have strong cybersecurity practices and defenses in place. This includes some of the more hands-on, labor-intensive sort of industries that we would never really associate with techy sort of things. One of the industries where cybersecurity has become even more important is the world of construction.

Construction companies have seen themselves becoming increasingly targeted in recent years, particularly with the growth seen in the housing market as of late. One may ask themselves why this industry would even be targeted when so much of the work is in-person, physical work - what data could these companies possibly have that attackers would like to take? There is plenty of data that a hacker would find interesting from a construction site such as personally identifiable information (PII) for employees and customers (which includes things like names, addresses, phone numbers, and sometimes things as sensitive as social security numbers), project information such as blueprints and purchase orders, contracts, and, of course, key financial data for all of the work being done.

The construction industry is not only an industry with a high likelihood of being targeted by cybercriminals because of the information these companies house, but also because this is an industry that analysts state is on the rise. Of course, the prospect of growth for such a large industry is nothing that anyone in the world of construction would wish away, but this success comes with a target -- any industry that shows strong signs of growth quickly becomes prey for the cybercriminals of the world. To avoid falling victim to these malicious actors of the world, those in the construction industry should take the following security measures to protect their companies and keep on building.

• Educate Employees - Employees in the construction world are incredible assets to their company - they literally build the product that makes their employer successful and the construction industry would not exist without their hard work. Just as employees are essential to this industry's main focus of work, employees are key when it comes to good cyber defenses. Educating employees on the latest cyber attacks out there and how to be a good steward of the data your company is responsible for is an incredibly important step in creating an extensive cybersecurity defense. In this training, be sure to include things like how to spot a phishing scam vs. a legitimate communication, proper password hygiene, and who to contact at your company should they have any questions or concerns.
• Keep Updated Backups - Above, we discussed the various types of essential data that construction companies house. It is not only important to protect this data by keeping devices and networks updated but it is important to ensure that there are backups of this data which should be saved to a separate network frequently. This steps allows your company to continue work, even in the event of a cyber attack. In a world that is very schedule based, where customers are very reliant on the dates and deadlines previously discussed, time is money - while fighting a cyber attack is not ideal, it would be even worse if the construction operations had to cease as well.
• Consider Cyber Insurance - Just as your company should have insurance for many other areas, cyber insurance may be something that you consider as a part of your business' cyber plan. This protects the company in the event of a cyber attack which causes financial loss. This type of insurance is not typically covered by other insurance policies, so be sure to either get cyber insurance or implement some sort of incident response plan in order to protect your company's data and its bottom line.
• Only Work With Cyber Secure Companies - Construction is an industry in which there are many different vendors coming together to complete a goal - the building of one home may factor in a number of vendors between all the essential areas such as flooring and lighting. When considering what other companies your business should work with on projects, be sure to be aware of each company's cybersecurity policy and practices. Often, a data breach from one company can expose the data of another that the initial business works with. Do not leave yourself vulnerable by working with unsecure businesses.

Image by rawpixel.com for Freepik.