Cybersecurity: Are You Prepared?

It seems that hardly a day goes by without a cyberattack making headlines. And if you think your company isn’t a likely target, think again. Increasing reliance on cloud computing and mobile devices makes the construction industry particularly vulnerable to data breaches.

Risks abound

Consider the many ways construction companies are using the Internet today:

  • Cloud computing to provide remote access to payroll, billing, estimating, procurement, scheduling and project management systems,
  • Ability to view and edit plans, specifications and other construction data online, and
  • GPS tracking systems to prevent theft and monitor usage of equipment, vehicles and other valuable assets.

While such Internet use increases efficiency and collaboration, it also increases cybersecurity risks. Hackers who gain access to these systems may be able to steal sensitive company or employee financial information. Or they might obtain valuable competitive intelligence.

They may also have the ability to interfere with a contractor’s operations or even endanger the safety of people on-site by destroying data, altering plans or accessing a building’s security systems. Some GPS systems allow users to shut off vehicles or equipment remotely or otherwise tamper with their operation.

Prevention is key

To prevent cyberattacks and mitigate the impact of any breaches that do occur, construction companies should have a strong cybersecurity program. Here are the steps to implementing a program:

  1. Take inventory of your network, systems, hardware, software and data, identify connection points and map out the flow of data.
  2. Conduct a risk assessment to pinpoint areas of vulnerability, including any bring-your-own-device (BYOD) policies and any third parties (such as vendors or service providers) with access to your network.
  3. Implement internal controls and protections, such as strong passwords and other authentication procedures, encryption, firewalls, limited physical access to hardware, and segregation of duties.
  4. Develop an incident response plan that establishes communication protocols and details the roles and responsibilities of management, employees and outside consultants in the event of a breach.
  5. Provide training to everyone who has access to the company’s information systems, handles sensitive information or plays a role in the company’s incident response plan.

Once you’ve implemented your plan, you’re not finished. You must constantly monitor your information systems for unusual activity using antivirus and antimalware software, intrusion prevention systems and other measures to ensure that breaches are detected as quickly as possible.

Closing the gaps

The level of cybersecurity you need depends on your company’s particular risk profile. An IT consultant can help by examining your information systems and identifying any potential security gaps.

© 2015

Information provided on this web site “Site” by Thompson Greenspon is intended for reference only. The information contained herein is designed solely to provide guidance to the user, and is not intended to be a substitute for the user seeking personalized professional advice based on specific factual situations. This Site may contain references to certain laws and regulations which may change over time and should be interpreted only in light of particular circumstances. As such, information on this Site does NOT constitute professional accounting, tax or legal advice and should not be interpreted as such.

Although Thompson Greenspon has made every reasonable effort to ensure that the information provided is accurate, Thompson Greenspon, and its shareholders, managers and staff, make no warranties, expressed or implied, on the information provided on this Site, or about any other website which you may access through this Site. The user accepts the information as is and assumes all responsibility for the use of such information. Thompson Greenspon also does not warrant that this Site, various services provided through this Site, and any information, software or other material downloaded from this Site, will be uninterrupted, error-free, omission-free or free of viruses or other harmful components.

Information contained on this Site is protected by copyright and may not be reproduced in any form without the expressed, written consent of Thompson Greenspon. All rights are reserved.