How to Manage Cybersecurity Threats in Construction

Posted by IronPlanet on Jul 23, 2019 12:23:08 PM

Blue Coat Photos

The construction industry has become progressively high-tech over the past two decades. Moving past what was once reliant on callused hands and sweaty brows, construction businesses have incrementally transformed their work environments through digitizing documents and designs, upgrading equipment with advanced technologies and connecting all ends of their operations through the IoT. Although these 21st century upgrades have contributed to permanent, positive innovation across the industry, the increase of interconnected online technology has also revealed critical cybersecurity threats which have yet to be properly understood or addressed by many construction professionals.


That’s right: just because much of your team works with their hands instead of computers doesn’t mean you’re invulnerable to cyber attacks. Over the past decade, cyber criminals have expanded their attention towards small and medium sized businesses -- especially in the construction industry -- turning the distant prospect of cybercrime into a legitimate risk for organizations like yours. According to recent studies by security experts at Knowbe4, the construction sector is among the most susceptible to attacks, particularly phishing scams, with 37-38% failure rates across small, medium and large organizations. Understanding the ways your company may be targeted by cyber attacks like these is the first step to building an initial line of defense and determining what specific measures should be taken moving forward.


Identifying the Types of Threats


Malware: These days, clicking an unfamiliar email link or visiting the wrong website can have dramatic consequences. Viruses, worms and other malicious, backdoor programs are rife online, meaning that your business is often under threat, even if that threat is invisible or incognito. Without proper defenses, a successful malware attack can result in the theft of sensitive information and irreparable damage to your reputation.


Ransomware: The only thing worse than having your systems shut down is having to pay to bring them back online. As a distinct form of malware, ransomware forces companies to do just that by locking users out of essential equipment until cyber criminals receive a fee to return access. Apart from costing you money to pay off your attackers, ransomware has the compounding effect of delaying progress on your projects by tying up system-reliant resources.


Phishing: Social engineering has become a leading tactic of modern cyber crime. Online criminals have become experts at spoofing cell numbers and emails from high-level employees or respected contacts. Once successfully disguised, criminals use these impersonations to convince employees into sending large amounts of money or valued data voluntarily. In other words, simply asking employees to deliver what they want is often enough for criminals to score big.


Guarding Against Cyber Attacks


Protect Your Network:

Whether it’s proprietary designs, personal information, company secrets or high-value data, sensitive information is constantly flowing back and forth through your network. Compounding the inherent risks of regular email communications and online activity, growing elements of the construction industry have become reliant on network sharing devices like drones and wearables which interconnect to the rest of your ecosystem, potentially exposing your confidential information to manufacturer defects/oversights. Once an opening has been found, either through your primary communications system or a back door, hackers can gain unmitigated access to all of your precious informational resources without you being able to respond.


Employing a firewall-as-a-service or extensive security solution is perhaps the best way to implement a primary shield against hackers. In addition to identifying active threats, a good security system will also employ advanced features like web filtering and file scanning to prevent employees from accessing dangerous websites or opening malicious programs. Since a single weak link in your network chain can provide hackers with the opportunity they’re looking for, we recommend changing all default passwords associated with third party products and reviewing all factory settings before allowing access. Likewise, compelling employees to update their own personal passwords frequently also helps to keep criminals on the backfoot.


Manage Third Parties:

From vendors to sub-contractors, professionals are constantly moving in and out of the modern construction business as fast as data moves across it, including those who aren’t directly part of your organization. Typically, these workers are connecting to shared information technology networks, which exposes you to all of threats they have yet to address or have already been exposed to. This creates multiple, hard-to-manage points of access which exist throughout your area of operations and potentially beyond.


Experts suggest launching a second wi-fi network for visiting workers to establish a buffer environment. By isolating connectivity, you’ll be one-step ahead of any missteps lurking beyond your control. Also, many industry leaders recommend taking legal precautions by reviewing the legal standards and practices of those you’ll be doing business with. Organizations with top-of-the-line security protocols and training are much less likely to expose your company to a breach; carefully considered contracts with those partners can mitigate issues of liability. In the event something manages to slip through the cracks, cybercrime insurance goes a long way to minimize the inevitable fallout, if it fits your budget.


Eliminate Human Error:

Often times we are our own worst enemy. Unfortunately, those with malicious intent have developed techniques and technologies which can easily convince us to reveal secrets and exploits voluntarily. Social engineering, as we mentioned the practice is called, has been the catalyst of innumerable disasters, making the human component of the digital sphere an unavoidable risk to your cyber systems. The reality is no amount of firewalls, security systems, or alarms can prevent you or your employees from getting tricked into handing over the prize themselves.


The best way to prepare against social engineering probes, and cybercrime in general, is to train your workforce to understand and follow safe practices. Providing your team with adequate training so they can identify and report malicious attacks will help to reduce susceptibility to all forms of cyber threats -- especially self-imposed security breaches. A team that is unaware or undereducated on social engineering tactics will be ill equipped to make the right decisions when a cyber criminal approaches them with a malicious request. While criminals have become quite ingenious in their methodology, the good news is that exposure to the practice of social engineering is proven to reduce the rates of successful attacks by as much as 50%.


Now that you have a plan to prevent the next cyber attack on your business, it’s time to get to work! Head over to to browse, buy now or bid on used excavators, cranes, and dump trucks for sale.


[Photo courtesy of Blue Coat Photos]

Topics: Construction, Industry Headlines, Data, 2019