Preventing Cyberattacks for Construction Companies – 3 Strategies

by Mary Varano

Preparing for a cyberattack is a must for any construction company. Most of your organization runs on technology, so, practically speaking, your construction company is also a technology company. While technology improves efficiency, it also gives attackers a gateway to exploit vulnerabilities in your network. According to a recent Forrester survey, more than 75 percent of respondents in the construction, engineering and infrastructure industries experienced a cyber incident in the last year.

Cyber criminals are continually evolving and changing how they attack, so it can feel overwhelming to keep up-to-date on protecting your data. Don’t let it be. In addition to working with a trusted partner that specializes in cybersecurity, there are three practical steps your organization can take starting today to protect sensitive data for your business, employees and customers.

Step One: Improve How Your Staff Handles Data

About a fourth of all cyber breaches are traceable to human error. Actions including clicking on an infected email link or not securing sensitive information properly can open the door to a cyberattack.

Here are a few ways to mitigate the part human error plays in cyberattacks:

  • Ensure employees only have access to the information they need. Not every employee needs access to personally identifiable information of employees, clients, or vendors
  • Have proper document storage and destruction policies, and train employees so they know and use them
  • Conduct ongoing social engineering testing for your employees to help educate them and prepare them to spot phishing emails. Identify employees who may need further training. Hackers send legitimate-looking emails with a link or attachment containing malware, such as ransomware, that takes over the device and network or encrypts your data once a user clicks on it. This form of attack is becoming more sophisticated and harder to detect

Should a bad actor penetrate a layer of security, these steps help ensure that the information they want most is secured and inaccessible.

Step Two: Adjust Your Processes

The construction industry faces unique challenges and opportunities given its mobile workforce. Your employees may operate at different sites or on the road, which requires a great deal of mobile communication. In these cases, it’s crucial to select and apply appropriate mobile device management tools and processes to your company devices or employee devices in a Bring Your Own Device (BYOD) environment. For example, you may benefit from being able to remotely wipe sensitive business and customer data off devices when those devices are no longer needed, are lost or stolen, or when an employee leaves the company.

In situations where data is passing through multiple devices in many locations, it is important to make sure the data is transferred securely and ends up only in the right hands. Deploying multifactor authentication ensures that the use (or misuse) of valid usernames and passwords is not sufficient to gain access to your critical systems and data. The user must also be in possession of a known, personalized device. Should a hacker steal a username and password, the hacker would also need to steal that device. Without both, the bad actor cannot access your sensitive data.

Step Three: Maintain and Upgrade Your Technology

Taking steps to ensure your people and processes are efficient and diligent will greatly improve your organization’s security posture, but it is vital to regularly tend to your technology. Technology changes rapidly and your organization needs to keep pace.

Get started by:

  • Assessing the security patches you have in place and the process for monitoring them and applying updates and new patches
  • Analyzing the robustness of your firewall
  • Creating a backup and recovery plan and practicing it
  • Staying current on applications, software and devices that may be out-of-date
    • This presents a risk as the manufacturer may no longer support the software or application or deploy the necessary ongoing security patches

Cybersecurity is Crucial for Every Construction Company

No matter the size of your construction company, protecting employee, customer, and vendor data has to be a top priority. A comprehensive assessment is a great way to discover where you are today. Engage with a trusted partner to assess and reveal where your vulnerabilities are and what steps and budget you need to address and fix areas of weakness. This process should be ongoing and part of your annual review, as the preventive measures needed for strong cybersecurity are constantly changing.

Corrigan Krause Specializes in Construction Accounting

The Construction Services team at Corrigan Krause can help support your construction company as you improve your processes to prevent cyberattacks. Email to learn how to become a client.