Every day, new instances of data breaches, ransomware attacks, and cybercrimes affect companies around the world.  Many of these companies are in the construction industry. For some, the thought of protecting one’s organization from cyberattacks may seem overwhelming or cost and time prohibitive. However, any company that is connected to the internet faces risks and potential liability for failing to implement proper cybersecurity policies.

With the right team of experts, strengthening a company’s baseline cybersecurity can be both inexpensive and relatively simple. Below are three practical and affordable measures to do so: 

1. Enhance Security. Institute appropriate security measures. Not only is this a pragmatic step to deter cyberattacks, but it can also be a legal requirement. For example, the new Alabama Data Breach Notification Act requires certain companies, including those in the construction industry, to “implement and maintain reasonable security measures.” Accordingly, companies should start analyzing what security measures may need to be in place. This can present unique challenges for construction companies. For example, the increased use of design and modeling applications and multi-user collaborative platforms create additional data and access points that are sometimes difficult to manage. Easy security measures that should be implemented include updating antivirus software and installing firewalls and patches regularly. Companies should also safeguard WiFi networks, use VPNs, employ data purging policies, and require multi-factor authentication for all devices. Additionally, construction companies should consider including data privacy and security provisions in all contracts. These may include notification requirements, cybersecurity insurance, training, retention policies, limiting access, and establishing data tiers. 
2. Perform Training and Monitor Compliance. Educating employees at all levels of the organization on risks, threat actors, attack vectors, and prior incidents involving construction companies is critical. It is equally important to ensure compliance through consistent monitoring and testing of company cybersecurity policies. 
3. Prepare for the Inevitable.  It is essential to develop a cyberattack response plan now so that damages can be mitigated and actions taken immediately. Key components in a plan may include identifying critical systems and assets that would prevent the company from doing business, employing the use of backup systems, gathering forensic data from affected systems, and notifying law enforcement and legal counsel. 

All construction companies should recognize the potential harm of cyberattacks and implement appropriate practices. While each organization’s needs vary, these steps can help provide a baseline of protection against cybercrime. 

Republished with permission. This article first appeared in the April-June 2018 issue of Alabama Construction News.