Bid Coach: How Construction Companies Can Combat Cyber Security Threats

Challenge:

As the construction industry continues to increase the use of electronic data, cloud technologies, and hosted services, companies should be constantly seeking new ways to combat cybercrime. Whether it’s reading an email on a personal laptop, accessing a mobile app on a jobsite tablet, or using company software in the office, every employee accessing data through the cloud is at risk to a malicious cyber-attack. Construction is also a lucrative, high-cash-flow business, which makes the industry more appealing to criminals.

There are many types of cyber-attacks, however the most common is phishing expeditions. A phishing attack usually comes in the form of an email in which the attacker is disguised as reliable, for example the company’s CEO or another employee. Once you’ve received and interacted with this email (clicking a link), the hacker gets access to the company’s system, exposing sensitive information like client or employee information, financial data and more.

Unfortunately, as it turns out, contractors aren’t heavily focused on cyber security. They tend to have their minds set on completing their construction projects within budget and schedule.

Solution:

So, how can construction companies combat cyber security attacks? The key is to formulate a plan to combat the threats well before an attack even takes place. Check out the steps and actions highlighted below to ensure your company is protected.

1. At a minimum, utilize the latest updated firewall and antivirus software.
2. Continuously update company and employee passwords. Passwords should be at least 16 characters, contain a combination of numbers, symbols, uppercase letters, and lowercase letters. The password should be free of repetition, dictionary words, usernames, and personal information.
3. Install a privileged account security solution on every employee’s device. This way an attack will be confined to a single device.
4. Set different levels of permission so that, for example, a jobsite worker can’t access accounting files.
5. Encrypt data, so that if obtained by an attacker they will not be able to use it.
6. Implement a clear policy about acceptable employee use, like prohibition on visiting junk sites.
7. Educate employees about IT rules regarding personal use of connected company devices. Education is effective at reducing the chances of a cyber-attack.

Subscribe below to receive more tips and tricks like these from the free, bi-weekly Bid Coach newsletter.