Cybersecurity in Construction: Five Tips

Too many construction firms believe “it won’t happen to me.” But it can and will happen to you if you’re not careful. Recent high-profile hackings have proven that no matter how big your company is, there’s always a way around lax security. Construction Dive also found a 400% increase in ransomware attacks, proving the industry is not immune.

Read on for these five tips on how to protect yourself and your business.

  1. Beware of phone hackers.

A surprising amount of hacking depends on phishing, and not the digital kind. A hacker may call a receptionist or any more junior employee and try to mine the conversation for useful information. Teach your employees about this tactic and offer ways to counter callers who seem a little too curious.

  2. Choose your email system carefully.

Your email system is the weakest link in a cunning—and often highly effective—phishing technique known as “spear phishing.” Hackers who use this technique can send phishing emails under seemingly legitimate accounts. Imagine getting an email from your CEO asking you to transfer hundreds of thousands of dollars to an account. Or a similar email from an associate, contractor, or supplier. You’d answer it, right? Many people would.

Which is how the Boulder Valley School District lost $850,000 to scammers. They were lucky compared to MacEwan University, which lost $12 million to a scam.

It’s worth investing in a solid, secure email system. Before you ditch your cloud service, consider that most newer cloud-storage email systems have security features that can help prevent these situations. Two-factor authentication is one of them.

  3. Bring security in-house.

It may be the last line item you want to add to your budget, but a dedicated security professional on your team can go a long way towards ensuring your company and its data are safe from attack.

If you just can’t make room for a full-time staff member, consider hiring a certified contractor to fill the gaps. Look for CISSP, CCE, CISA, CRISC, and GCIH certifications. The Federal Trade Commission has also produced this security guide for beginners. You may want to take a look.

  4. Don’t make too many admins.

Sure, it’s more convenient to add an additional admin to an account, program, or system, rather than finding an existing one. But convenience can also cost you in the long run, giving hackers access to a greater number of targets. You may need stakeholders to be able to access a BIM file, but does every member of every organization need access? Probably not. For more advice on better security around BIM files, read this report by the Institution of Engineering and Technology.

  5. Update your software.

The business equivalent of going to the dentist, updating your software is vital to good cybersecurity. Updates will patch holes, fix bugs, and generally prep your system to handle newer forms of attack.

In short, the construction industry is vulnerable to the hacks, scams, and other forms of cyberattack that plague other industries. But with good security hygiene and a careful look at your existing security systems, you won’t have to worry.