Do You Have a False Sense of Cybersecurity?
Even before the COVID-19 pandemic, construction businesses were increasingly relying on mobile devices, cloud-based applications, online collaboration, and Internet-connected vehicles and equipment. The pandemic has only accelerated the adoption of these technologies. As the number of entry points into your company’s network increases, so does your cybersecurity risk.
Many of the most infamous data breaches have involved large retailers or financial institutions. However, recent headlines have involved cyberattacks on other types of businesses — including construction companies. Contractors are attractive targets for cybercriminals, not only because of the mobile nature of their systems but also because of the many ways a cyberattack can do serious damage. Examples include:
- Disrupting or delaying projects with a ransomware or malware attack,
- Disclosing confidential bid information, and
- Stealing proprietary designs, blueprints, schematics or specifications.
Cybercriminals can also cause property damage or bodily injury by deleting data, altering plans or specifications, interfering with a project’s security or safety systems, or tampering with vehicles or equipment.
Watch Your Supply Chain
As we’ve seen recently, critical third parties in your supply chain can be victimized. Cyberattacks on these parties can interfere with your ability to obtain fuel and key materials, negatively affecting project timelines.
For example, earlier this year, a ransomware attack shut down Colonial Pipeline. The company reportedly paid a $5 million ransom to regain control of its systems. Although the cybercriminals responsible for the attack provided a decryption program for the business to recover its data, the process was so slow that the company ended up restoring the affected systems from its own backups. Attacks like this are expected to increase.
Assess Risk, Deploy Strategies
To better protect your company against cyberattacks, conduct a cybersecurity assessment. Doing so involves taking inventory of your hardware and software, as well as mapping your network, data flows and entry points. This includes access by employees, vendors, and collaborators such as architects or engineers.
Ultimately, you want to identify every potential vulnerability. Armed with this information, you can then implement internal controls and external protections to reduce the risk of a breach and develop an incident response plan to mitigate damages should one occur.
Strategies for preventing cyberattacks include strong passwords, dual-factor authentication to prevent unauthorized access, and software tools that monitor for and prevent intrusion. Keep mobile devices and computers current with the latest updates and security patches. Educate employees to help them identify and avoid phishing attacks and other threats. Training employees is particularly important because most cyberattacks are because of human error rather than technological failures.
Among the most effective strategies is to follow rigorous backup protocols to ensure that you can resume operations quickly in the event a cybercriminal destroys or blocks access to your data. Backup data should be encrypted, stored off-site and segregated from the systems being backed up to ensure they’re accessible in the event your main network is compromised.
Like most construction businesses, yours likely will increasingly rely on mobile and cloud-based technologies — even after the pandemic. To protect yourself in this environment, conduct a cybersecurity assessment as mentioned. Then implement strategies for minimizing your distinctive risks and facilitating a quick recovery should an attack occur.