Those who work in the construction industry face a heightened risk from cyber threats due to the nature of their work, operating in remote or on-site environments and relying heavily on contractors and subcontractors for large portions of the work.
This means that for construction firms data security must be among one of the top priorities in order to keep the business safe with its reputation intact.
Frequent Mistakes in Construction Data Security
Much like a predator in the wild, hackers seek to exploit weakness and target those whose defences are lacking.
There are a variety of different ways that through neglect, inaction or simple mistakes, construction firms leave the door open for cybercriminals and highlight their vulnerabilities.
However, the majority of data breaches occur due to a handful of common errors that are frequently overlooked. These include
Failure to have a data security policy—one of the key areas where construction firms go wrong is their failure to have a comprehensive data security policy. The reasons for this are that it is either seen as unnecessary, company owners do not have the required training to know what should be included, or the idea has not occurred to the business owners in the first place -
Poor device security—with employees and contractors working remotely from on-site locations using their own devices this presents a variety of security problems. These issues are especially compounded when employees use their work devices for home use and vice versa.
Weak or default passwords—as many users typically fail to use a strong password this makes the job of the cybercriminal much easier. This is especially the case when often, users use the weakest possible password such as password1, or neglect to change it from the default setting that is automatically given.
Attempting to handle data security in-house—with budgets stretched to the limit it is easy to see why many construction firms make the wrong decision and use existing staff for their data security processes. However, much the same as you would not attempt to handle legal matters without the appropriate experts, all elements of data security from training, monitoring, analysis and implementation of any systems should be handled by dedicated professionals in data security.
Guarding Against Data Breaches—What Preparations Should You Take?
There are several steps any construction firm can take to mitigate the effects and potentially avoid falling victim to a data breach. These include preparing your business with
- A comprehensive data security policy
- Staff training on correct security procedure
- Regular backup of critical data
- An effective disaster recovery plan
- Intrusion detection systems to monitor network traffic
- A comprehensive network security audit of existing systems and infrastructure
- Encrypting sensitive data
- Control access and privileges
- The adoption of an incident response plan, like a dry run or security drill for dealing with any cyber threat
What to Do in the Event of a Data Breach—Containment and Investigation
The response for dealing with a data breach should be similar to dealing with a fire—if it is dealt with early the effects may be minimal but if left for half an hour or more you may be looking at thousands or millions of pounds’ worth of damage. Seconds count so it is important that all staff members have some understanding of what to do in the event of a data breach and act quickly.
In order to lock the intruder out of your business you should
- Disable remote access
- Change passwords to access network and systems
- Lock down systems with two-factor authentication and the highest possible security setting that requires a password/code for every transaction or significant process
- Log actions taken and times of events
- Initiate your incident response plan, contact members of your incident response team informing them of the situation and the need to assemble the team and deal with the ongoing events
- Disconnect from the internet if possible or isolate servers that run financial transactions and critical business processes—move financial transaction-based servers into a different environment on their own temporary system and limit network activity to critical business processes
- Do not panic and rush into actions that may be counterproductive or destroy critical evidence
- Do not delete everything in sight and reinstall the entire system just yet—it is important to contain and preserve any malware or affected files or systems so proper analysis and investigation can take place
Assessment and Investigation
Once the business is fully secured so you are sure that the hacker or malicious actor is not still operating on your network or accessing your data, then a thorough analysis and investigation should take place to prevent further incidents of this type.
These steps would include:
- Check logs from intrusion detection systems or wherever the breach was first identified
- Identify the method of entry or access point used and assess the extent of the damage and which servers and systems have been affected
- Take detailed event logs in an incident reporting register
- Notify affected parties, customers and relevant authorities such as regulators like GDPR and law enforcement agencies
- Seek professional help from expert data security analysts—if there are none on hand then now would be a good time to engage these services
Choosing a Dedicated Cybersecurity Response Team
Your response plan should include an incident response team that includes investigators, communications, team leaders, breach response experts, PR, legal, and IT specialists. The roles that staff will adopt in any breach should be clearly identified in the incident response plan.
Further to this, construction businesses should employ the professional services of cybersecurity advisors and response teams that can assist with data breaches and strengthening defences.
Among their services, you should look for:
- Intruder detection systems
- Live threat monitoring
- Cybersecurity awareness training
- Infrastructure and operations analysis and auditing
- 24/7 support and advice when needed in an emergency
- Incident response teams
At Lyon, we provide all of the above services, along with a range of options depending on the needs of your business. Get in touch with our experts in data security today and we can assess the risk level of your construction firm and which steps need to be taken to ensure the business is fully secure from any cyber threat.