Some contractors might assume hackers won’t bother with smaller construction businesses. Sadly, they’d be wrong.

Construction companies tend to have high turnover rates, which means they store lots of personal data on past and present employees. And they usually have access to technical plans and information about building management systems, which can now often be accessed (read: hacked) online.

Perhaps worst of all, many construction businesses have limited IT resources and defenses — so they’re especially vulnerable. Here are six ways to fortify your cybersecurity defenses:

  1. Conduct regular cyber risk assessments. Evaluate your systems to determine what kinds of data your staff generates and processes. Also identify where it’s stored. From there, you can implement the most current and effective protective measures. Because technology changes rapidly — as does the sophistication of cyberattacks — follow these procedures at least annually.
  2. Educate employees. Ensure every staff member knows how to properly use technology, handle confidential information and report cyberthreats. Provide targeted training on dangers such as:
     • Phishing (socially engineered attempts to fool users into divulging sensitive data),
     • Malware (invasive damaging software usually hiding in links or email attachments), and
     • Ransomware (a type of malware that captures files and encrypts them, or even locks a device, enabling hackers to demand a ransom for decryption or to unlock the asset).

Cybersecurity training should also occur as part of onboarding, whenever a new device is issued and at least annually as a refresher.

  3. Use multifactor authentication. Every one of your construction company’s devices, systems and apps should, at the very least, be password-protected. However, the latest standard is to require multifactor authentication — that is, multiple credentials, such as a password plus a numerical code — to add another layer of security. If your construction company’s employees use personal devices at work, instruct them to use multifactor authentication as well.
  4. Keep software updated. As updates and patches are released, be sure they’re immediately downloaded onto your construction business’s systems and devices. And, again, if your workers use personal phones or other devices on the job, train and remind them to check for and download updates as soon as they become available.
  5. Erase hard drives before disposal. Laptops, mobile devices, tablets, and even some printers and copy machines hold sensitive data and should be fully wiped before disposal. The same goes for leased equipment before returning it.
  6. Look into cybersecurity insurance. This coverage is designed to mitigate losses from a variety of incidents, including data breaches, business interruption and network damage. At a minimum, a policy should cover liability for data breaches involving sensitive customer information, such as credit card numbers and driver’s license numbers.

Like any type of insurance, cybersecurity coverage should be bought only after careful due diligence and within a sensible budget. We’d be happy to help you assess such a purchase or better identify the costs associated with strengthening your construction company’s cybersecurity.

© 2023