Even before the COVID-19 pandemic, construction businesses were increasingly relying on mobile devices, cloud-based applications, online collaboration, and Internet-connected vehicles and equipment. The pan­demic has only accelerated the adoption of these technologies. As the number of entry points into your company’s network increases, so does your cybersecurity risk.

Fight complacency

Many of the most infamous data breaches have involved large retailers or financial institu­tions. However, recent headlines have involved cyberattacks on other types of businesses — including construction companies.

Contractors are attractive targets for cybercrimi­nals, not only because of the mobile nature of their systems, but also because of the many ways a cyber­attack can do serious damage. Examples include:

  • Disrupting or delaying projects with a ransom-ware or malware attack,
  • Disclosing confidential bid information, and
  • Stealing proprietary designs, blueprints, schematics or specifications.

Cybercriminals can also cause property damage or bodily injury by deleting data, altering plans or specifications, interfering with a project’s security or safety systems, or tampering with vehicles or equipment.

Watch your supply chain

As we’ve seen recently, critical third parties in your supply chain can be victimized. Cyberattacks on these parties can interfere with your ability to obtain fuel and key materials, negatively affecting project timelines.

For example, earlier this year, a ransomware attack shut down Colonial Pipeline. The company report­edly paid a $5 million ransom to regain control of its systems. Although the cybercriminals responsible for the attack provided a decryption program for the business to recover its data, the process was so slow that the company ended up restoring the affected systems from its own backups. Attacks like this are expected to increase.

Assess risk, deploy strategies

To better protect your company against cyberat­tacks, conduct a cybersecurity assessment. Doing so involves taking inventory of your hardware and software, as well as mapping your network, data flows and entry points. This includes access by employees, vendors, and collaborators such as architects or engineers.

Ultimately, you want to identify every potential vulnerability. Armed with this information, you can then implement internal controls and exter­nal protections to reduce the risk of a breach and develop an incident response plan to mitigate damages should one occur.

Strategies for preventing cyberattacks include strong passwords, dual-factor authentication to prevent unauthorized access, and software tools that monitor for and prevent intrusion. Keep mobile devices and computers current with the latest updates and security patches.

Educate employees to help them identify and avoid phish­ing attacks and other threats. Training employees is particularly important because most cyber­attacks are because of human error rather than technological failures.

As we’ve seen recently, critical third parties in your supply chain can be victimized by cyberattacks.

Among the most effective strategies is to follow rigorous backup protocols to ensure that you can resume operations quickly in the event a cyber­criminal destroys or blocks access to your data. Backup data should be encrypted, stored off-site and segregated from the systems being backed up to ensure they’re accessible in the event your main network is compromised.

Be prepared

Like most construction businesses, yours likely will increasingly rely on mobile and cloud-based technologies — even after the pandemic. To protect yourself in this environment, conduct a cybersecurity assessment as mentioned. Then implement strategies for minimizing your distinc­tive risks and facilitating a quick recovery should an attack occur.