THE IMPORTANCE OF CYBERSECURITY IN CONSTRUCTION
The idea of cybersecurity in the construction industry might seem a little strange. After all, this isn’t a profession that is associated with a lot of IT usage
The idea of cybersecurity in the construction industry might seem a little strange. After all, this isn’t a profession that is associated with a lot of IT usage. However, things have begun to change in recent years. Many aspects of the construction process are now managed in a digital form. This includes things like blueprints, transaction records, regulatory information, etc. These things may not be the most frequent targets of cyber-attack, but the risk is still there.
HOW OFTEN DO CONSTRUCTION BUSINESSES GET HACKED?
When we look for instances of construction companies getting hacked, it isn’t hard to find a few. We don’t see a huge number of instances here, but those that we do see are pretty disconcerting.
For instance, consider this ransomware attack which was perpetrated on a multi-million dollar company called Bird Construction. This company was involved in a lot of government/military contract work. These lucrative and somewhat-sensitive contracts may have been the reason for which the company was targeted. While it seems that no sensitive government-level information was taken, the hackers did abscond with about 60GB worth of data. The company won’t say if they paid the ransom or not, which means they probably did so.
For an even scarier incident, we might look at this unique penetration test. Cybersecurity experts wanted to see if they could hack heavy construction equipment. With the cooperation of a friendly Italian construction manager, they set up such a test. Using minimal equipment, they were able to take control of a heavy crane and move it at will. Although this was only a test, it shows just how far the threat can go.
THE IMPORTANCE OF CUSTOMER TRUST
If you are trying to justify some cybersecurity expenses for your construction business, here is a very good argument: Customer trust has a lot to do with the contracts you get. If your competitors have better cybersecurity than you, customers will feel more secure entrusting their data to that other company.
If you are dealing with government or military clients (like the company named above), this becomes even more important. Needless to say, they have to worry about state-level cyber threats, which tend to be far more dangerous. Trust is also very important when dealing with small businesses. These smaller businesses cannot absorb the losses that come from a serious data breach, so they have no choice but to be careful.
REGULATORY COMPLIANCE IS ALSO IMPORTANT
Not only do you need to maintain the trust of your customers, but you also need to maintain regulatory compliance. As cyber-crime becomes more and more of an issue, lawmakers find themselves under increasing pressure to deal with this rampant problem. For business owners, that means even more regulations and red tape.
The laws vary a lot from state to state, but many U.S. states now have laws that mandate certain cybersecurity standards for all companies operating within their jurisdiction. For instance, New York passed this one in 2017. Among other things, it calls for:
- A documented and professional risk assessment
- A formal, written security policy
- The appointment of a qualified CISO
- Third-party cyber risk policies
- Annual compliance re-certifications
Needless to say, it is very important to comply with all of these rules. Failure to do so can result in large fines and even the closure of your business.
DEALING WITH THE RISKS
In order to minimize your risk of data theft, there are a lot of steps that can be taken. We don’t really have space to cover them all, so let’s go over a quick list of important cybersecurity points:
- Implement a strong password policy
- Use network-monitoring whenever possible
- Encryption is your friend. Use it whenever possible.
- Make sure everyone knows to be careful about links/attachments in emails
- Use firewalls to control unauthorized traffic
- Always test new software in a VM (virtual machine)
Of course, cybersecurity is one of those things that requires expert knowledge. Thus, if you need to seek out some small business computer support, you should not hesitate to do so.
One good piece of news is the fact that hackers don’t target construction businesses all that often. Nevertheless, it only takes one incident to cause catastrophic damage. Because of this, you really cannot afford to take this matter lightly. Cybersecurity isn’t just something for tech companies to worry about…in today’s world, anyone might be hacked. If you would like some more good advice on this subject (or if you just need some small business computer support) we would advise you to call PCH Technologies at (856) 754-7500.