Do You Have a False Sense of Cybersecurity?

Even before the COVID-19 pandemic, construction businesses were increasingly relying on mobile devices, cloud-based applications, online collaboration, and Internet-connected vehicles and equipment. The pandemic has only accelerated the adoption of these technologies. As the number of entry points into your company’s network increases, so does your cybersecurity risk.

Fight Complacency

Many of the most infamous data breaches have involved large retailers or financial institutions. However, recent headlines have involved cyberattacks on other types of businesses — including construction companies.

Contractors are attractive targets for cybercriminals, not only because of the mobile nature of their systems, but also because of the many ways a cyberattack can do serious damage. Examples include:

  • Disrupting or delaying projects with a ransomware or malware attack
  • Disclosing confidential bid information
  • Stealing proprietary designs, blueprints, schematics or specifications

Cybercriminals can also cause property damage or bodily injury by deleting data, altering plans or specifications, interfering with a project’s security or safety systems, or tampering with vehicles or equipment.

Watch Your Supply Chain

As we’ve seen recently, critical third parties in your supply chain can be victimized. Cyberattacks on these parties can interfere with your ability to obtain fuel and key materials, negatively affecting project timelines.

For example, earlier this year, a ransomware attack shut down Colonial Pipeline. The company reportedly paid a $5 million ransom to regain control of its systems. Although the cybercriminals responsible for the attack provided a decryption program for the business to recover its data, the process was so slow that the company ended up restoring the affected systems from its own backups. Attacks like this are expected to increase.

Assess Risk, Deploy Strategies

To better protect your company against cyberattacks, conduct a cybersecurity assessment. Doing so involves taking inventory of your hardware and software, as well as mapping your network, data flows and entry points. This includes access by employees, vendors, and collaborators such as architects or engineers.

Ultimately, you want to identify every potential vulnerability. Armed with this information, you can then implement internal controls and external protections to reduce the risk of a breach and develop an incident response plan to mitigate damages should one occur.

Strategies for preventing cyberattacks include strong passwords, dual-factor authentication to prevent unauthorized access, and software tools that monitor for and prevent intrusion. Keep mobile devices and computers current with the latest updates and security patches. Educate employees to help them identify and avoid phishing attacks and other threats. Training employees is particularly important because most cyberattacks result from human error rather than technological failures.

Among the most effective strategies is to follow rigorous backup protocols to ensure that you can resume operations quickly in the event a cybercriminal destroys or blocks access to your data. Backup data should be encrypted, stored off-site and segregated from the systems being backed up to ensure it remains accessible in the event your main network is compromised.

Be Prepared

Like most construction businesses, yours likely will increasingly rely on mobile and cloud-based technologies — even after the pandemic. To protect yourself in this environment, conduct a cybersecurity assessment as mentioned. Then implement strategies for minimizing your distinctive risks and facilitating a quick recovery should an attack occur.

© 2021

Information contained on this Site is protected by copyright and may not be reproduced in any form without the expressed, written consent of Thompson Greenspon. All rights are reserved.