Should Your Construction Company Conduct a Cybersecurity Assessment?

Cybersecurity is an important issue for every business, but it’s particularly critical in the construction industry. Contractors are particularly vulnerable to hackers and other threats because of the mobile nature of their businesses.

A cybersecurity assessment or audit can help ensure that your construction company is taking the proper steps to protect sensitive information. It can also give you a competitive edge by demonstrating to clients or prospective clients that you take information security seriously.

A closer look at threats

Many contractors today are taking advantage of technologies that allow them to share and view financial and job-related information from jobsites and other remote locations. They may use cloud-based systems for remote access to payroll, billing, estimating, procurement, scheduling and project management systems.

GPS tracking systems, robotics, 3D printing and other technologies are finding their way into the construction process. Many project teams use building information modeling or similar technologies to view and edit plans, specifications and other construction data online. All these things are raising the stakes of cyber-exposure.

With all this data flying around, the risk of a breach is high and goes far beyond disclosure of confidential financial information or competitive intelligence. It also raises serious concerns about potential personal injuries, property damage and work stoppage. Imagine the harm a hacker could cause by altering plans or specifications, destroying data, interfering with a building’s security or safety systems, or remotely tampering with vehicles or equipment.

Benefits of an assessment

Conducting a cybersecurity assessment helps you:

  • Take inventory of your hardware and software,
  • Identify potential vulnerabilities (including access by vendors, partners and current and former employees), and
  • Implement controls and other protections to reduce the risk of a breach.

It can also help you develop an incident response plan to mitigate the damages in the event of a breach.

There are several recognized cybersecurity standards and frameworks available to guide these efforts, including those developed by the National Institute of Standards and Technology and the International Organization for Standardization. Some construction companies may even consider obtaining a certification of compliance with one of these standards or frameworks. Doing so can create a competitive advantage, as an increasing number of government agencies and other clients are requiring their service providers to obtain such a certification.

Importance of protection

It may be comforting to think that the bad guys only go after the big guys. But hackers don’t always go after companies or other entities with deep pockets. Sometimes they attack the easiest target. Make sure your construction business is well protected.

© 2019

Information provided on this web site “Site” by Thompson Greenspon is intended for reference only. The information contained herein is designed solely to provide guidance to the user, and is not intended to be a substitute for the user seeking personalized professional advice based on specific factual situations. This Site may contain references to certain laws and regulations which may change over time and should be interpreted only in light of particular circumstances. As such, information on this Site does NOT constitute professional accounting, tax or legal advice and should not be interpreted as such.

Although Thompson Greenspon has made every reasonable effort to ensure that the information provided is accurate, Thompson Greenspon, and its shareholders, managers and staff, make no warranties, expressed or implied, on the information provided on this Site, or about any other website which you may access through this Site. The user accepts the information as is and assumes all responsibility for the use of such information. Thompson Greenspon also does not warrant that this Site, various services provided through this Site, and any information, software or other material downloaded from this Site, will be uninterrupted, error-free, omission-free or free of viruses or other harmful components.

Information contained on this Site is protected by copyright and may not be reproduced in any form without the expressed, written consent of Thompson Greenspon. All rights are reserved.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.