November 30th 2017

Cyber Security in the Construction Industry

Posted by:

Stuart Stead

A engineer uses a future technology platform to verify the graphic in holography and augmented virtual reality. Concept: future technology, multimedia technology, futuristic engineering.

For a hands on industry which constructs so much offline, it is surprising that the Construction industry is in fact one of the industries at most risk of online crime. According to statistics released by the UK Government and The Home Office, in 2015, there were 77,000 incidents of online crime against construction companies.

Keeping cyber bad guys at bay is hard.  They are busy, well-motivated and well-financed and recent figures indicate that about 30,000 websites a day are being compromised.

So, should you be concerned about cyber security within your construction firm?  In short, yes, no matter what the size of your business. The nature of commerce in the 21st century means that there are very few firms who do not make heavy use of technology. Websites, apps, smartphones, tablets, social media and cloud services are all now standard ways of doing business.

Cyber security is often overlooked in favour of other priorities but this can be dangerous and experience has shown that whether a business has a large sophisticated network or a small standalone system, it can be at risk. According to a recent survey of the worst data breaches among small firms, becoming a victim of a cyber-attack costs smaller firms between £65k and £115k.  Finding that much cash to clean up after a breach could mean the difference between keeping trading and going bust.

Construction firms have access to a wealth of information which might be desirable to hackers such as architectural drawings, corporate banking accounts, employee information including National Insurance numbers, addresses and bank details, customer and supplier information etc.

Further, projects often provide multi-user access, allowing builders, engineers, planners, designers and contractors to access information simultaneously and hackers may look to obtain private sensitive information using your system to access the networks of any of these parties as well as your own.

Organisations must ensure that everything is done to minimise their exposure with all necessary checks and protections put in place as well as being prepared in the aftermath of any attack.

Here are a few tips to improve your cyber security:

  1. Do you have antivirus, encryption and malware protection on all Desktops, servers, laptops, mobile devices and is it up to date and running?  How many threats are being blocked, how would you know if any of these tools failed?
  2. Identify the technical controls that are protecting your business; firewalls, network monitoring, updates and patching. These controls are your defences and you should be aware of their features and limitations.
  3. Think about the wider connectivity of your business- Wi-Fi, home and remote workers, suppliers and contractors, mobile devices, staff turnover – all these are avenues of attack that could lead to impact on your business if exploited.
  4. Training and awareness of security policies and procedures for ALL staff is just as critical as health and safety with real risks to your business stability.
  5. Consider cyber insurance and develop a response plan, should the worst happen you will need to respond and recover.

Construction companies must deal with cyber security in a proactive manner, reducing not only their own risk but the risk to their employees, clients, suppliers and all involved in the project across the board.

To discuss this or any other issues please contact Stuart Stead, Partner and Head of Property and Construction at stuart.stead@cowgills.co.uk or on 01204 414243.