A primer on cybersecurity in the construction industry

It seems every month there’s a major cyberattack that makes the headlines. Do you have a plan to get in front of potential threats? As the construction industry (and the business world at large) becomes more dependant on internet-connected solutions and remotely accessible systems, it creates more opportunities for hackers to find a way in. That said, you don’t have to feel powerless against bad actors online.

Here are a few tips to prevent data breaches and avoid being the victim of a cyberattack:

• Install security software on your company’s servers and computers that can provide real-time protection. The hardware should automatically receive the most up-to-date malware definitions.
• Make sure your firewalls are enabled and updated regularly with security patches.
• Regularly train employees on best practices in terms of security policies and practices. For instance, employees and contractors should be required to change their passwords every three months and be able to identify phishing scams and the like.
• If employees are using mobile devices to access your company’s network they should be equipped with hardware and software data encryption. Too, passwords or PIN locks should be used.
• Secure your company’s Wi-Fi network, both at the office and at the job site. That means encrypting your wireless signal and securing your router with a password so only employees and authorized personnel can access your network.
• Regularly backup data offsite or with a trusted cloud storage provider.

Beyond these tactics, there are other measures you can take on an everyday basis to reduce the chances of an instance, or at least know how to respond in a productive manner. Cybersecurity preparedness will require knowledge and awareness across a number of roles within the organization. In other words, cybersecurity isn’t just the job of an IT professional; the onus is on every department manager to ensure compliance.

Also, be mindful of the business relationships you develop. With so many choices on the market for cybersecurity vendors, it can feel overwhelming but due diligence is necessary. Organizations should take time to vet credentials, years of experience, contractual terms, insurance carried, and more before engaging with a vendor.

Last but perhaps most importantly, most security experts agree that it’s a matter of when, not if, your firm is a target of attacks. Even the most sophisticated network can be penetrated, so it is also important to know how to respond in the event of a cyber incident. Your company should also invest in cyber insurance as a smart precaution. Such a policy generally covers your business’s liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.

Remember, failing to plan means planning to fail, so don’t leave anything to chance.