Why Cyber Security is So Important for Your Construction Data

When it comes to the physical assets at your jobsites — supplies, tools, heavy equipment, building materials and the structure itself — there are certain steps you take to protect them against damage and theft. But one of your most important assets that isn’t so tangible requires its own safeguards; your data. With construction project information shifting from hard copy to digital formats and even the cloud, becoming more integrated through digitalization, protective procedures have moved from simply locking up filing cabinets and jobsite trailers to implementing layered cyber security measures.

Cyber security protocols should be part of every construction company’s ongoing risk management and mitigation strategy. A solid strategy is necessary in order to protect vital business and project information — bids, drawings, virtual 3D models, contracts, financials, personnel information and other sensitive data. The following are some suggestions for what to look for as you plan your best security options.

Construction cyber security considerations

Construction data security is a must for every construction company but can take on extra importance if you answer “yes” to any of these questions:

Do you have a large number of subcontractors who will be accessing and engaging with the data?

Construction projects have the right conditions for a cyber-attack. Thousands of subcontractors and general workers come and go during the course of a lengthy capital project. Their work is done at a jobsite instead of an office setting. This is where employees are likely to have the strictest measures such as software security training, company-issued computers with pre-loaded security software, required password changes every three months, and so on.

Subcontractors are unlikely to have the necessary software security training, nor the awareness of the types and severity of risks that they might unintentionally expose you to, such as weak passwords. That makes each extra person beyond your business’s security perimeter who accesses your systems for documents and data an entry point for cyber-attacks.

Has your construction company adopted hybrid or fully remote work for back office employees?

This newer work arrangement may be more convenient for employees and more cost-effective for the construction company in terms of less overhead, but it can raise serious IT vulnerability issues with so many people working from home using personal laptops. Home networks are much less secure than corporate ones. The same goes for your vendors and others in the supply chain with whom you share sensitive and even restricted information.

Do employees and/or subcontractors use their own mobile devices to access your data via apps? 

One of the key game changers for construction projects is mobility. Mobile apps created for construction software are meant to work specifically on mobile devices such as jobsite tablets and even smartphones. They’ve made it possible to improve productivity and communicate and share project information in real time. Such apps are a must for any capital project to maintain workflow, especially so if the jobsite is spread out across a wide footprint that would make trips to the onsite trailer for information inefficient. But without adequate security, they can become a direct path for cyberattacks.

Are you working on substantial capital projects, especially those that are government funded? 

Protecting project, business and personal data is a primary goal of any construction data security plan. But when it comes to government-funded projects, threats to sensitive information can have national security and economic ramifications, let alone disrupt the project itself. If you intend to add such projects to your portfolio — including infrastructure projects — you’ll have to demonstrate you meet strict security requirements for software and hardware in order to protect restricted information.

Essential construction data security measures

At a minimum, ensure these construction data security measures are in place:

• Strong passwords are worth emphasizing, especially because so many people create weak ones and often reuse the same one across multiple websites and platforms. If accessing data using personal laptops or mobile devices, stipulate that the same password shouldn’t be used for both personal and business purposes and require new passwords every few months, with none reused.
• Dual authentication, also known as two-factor (or multi-factor) authentication, requires a user to confirm their identity through two distinct means, often by entering codes sent to their other previously validated device, such as a text to a smartphone.
• Role-based access control (RBAC) bases this access on the job function rather than specific individuals, which would be cumbersome to implement and maintain.
• Patches and software updates for any security fixes should always be current. If your construction software is cloud based, this can be managed remotely for those back office employees working from home.
• A disaster recovery and regular backup plan helps ensure business continuity in the event of security-related data loss or breach.
• A firewall as a guard controlling the comings and goings through your software and network to prevent attacks on company data. You may have already had to make adjustments to allow remote employee access. Configure the settings to update regularly and automatically.
• Advanced email filtering can greatly reduce unsolicited emails from getting through. Such emails disguised as being from a trustworthy source remains a popular way for cyber attackers to gain access to sensitive information and corporate networks.
• Training on cyber security protocols. What staff (and subcontractors) don’t know can hurt your business and your project. They should know the different ways attackers can target them, what they can do to prevent being hacked, and how to determine and report suspicious attempts.

All this being said, construction data security concerns shouldn’t deter any construction company from adopting digitalization to improve how it conducts business and manages projects. If anything, today’s advanced project software can help you lock down your security at a new and more reliable level. Remember, your security is truly only as strong as your weakest link.