Recent strides in the construction industry to automate processes—such as accounting, project management and Building Information Modeling (BIM) software—introduces a corresponding set of new cyber risks.
Contractors are vulnerable to the same cyber threats that impact any industry—including phishing scams, ransomware attacks and distributed denial of service, to name a few. While larger construction firms have taken measures to increase cybersecurity, many small to mid-sized companies are not fully aware of what threats they could face, or how to start hedging against them.
Connected devices, social media and the cloud are altering the ways companies’ process, share and store information. These advances allow staff to access company data from remote locations while traveling, on a job site, or from their home.
As new communications mediums, currencies and storage options continue to emerge, attackers see even more opportunity to steal valuable information. It is becoming more imperative for management to focus on responding to cybersecurity risk to prevent these attacks.
Limited regulation and guidance for construction companies result in less focus on cybersecurity relative to other industries. Yet, construction companies face the same threats, given reliance upon IT systems and Internet connectivity for business operations. The reduced attention on security risks – combined with a common belief that they are not a target – often make construction companies low hanging fruit for attackers.
Has your business assessed the impact on operations if an intruder gained access to your proprietary bidding model and sold it to your competitors, or stole bank account credentials to conduct fraudulent transactions? Would your business be able to recover and remain competitive?
Here are a few simple actions you can take to reduce cybersecurity risks immediately:
• Identify your company’s most valuable information and where that information is located on your network.
• Establish internal controls and cybersecurity procedures that consider both internal and external threats.
• Prioritize cybersecurity procedures to protect the most valuable information. You need to place the highest levels of protection around your most valuable information.
• On a regular basis, evaluate your cybersecurity controls and procedures for their effectiveness with thorough audits and technical assessments by resources with cybersecurity experience.
• Establish a plan of action if you must respond to an adverse cybersecurity incident. Test the plan by conducting a simulation at least once a year.
• Establish procedures to evaluate your third-party service providers (if applicable) and assess their cybersecurity processes.
• Communicate cybersecurity measures to the entire organization and help every employee within your organization understand the threats your organization faces, and their role in protecting the company’s assets.
Promote your brand here! Email firstname.lastname@example.org
Have an OSHA recordkeeping question? Visit isitrecordable.com
Have a worker's compensation question? Visit isitcompensable.com
Have an environmental safety question? Visit isitenvironmental.com
Interested in safety tech or new products? Visit isitsafety.com