Some of the old-school methods of protecting construction sites are still effective. These include:
- Keep the sight well-lit
- Install fencing
- Designate only one entrance and exit point
- Record every employee and visitor’s arrival and departure times
- Move all portable tools and equipment to locked storage at the end of each day
- Engrave or place other permanent identification on all materials
- Hire a security guard
- Require daily inventory
But construction today has other threats you should be considering.
As the industry adds more and more technology to building processes, it’s become an increasingly attractive target for cybercriminals, who often are more sophisticated than we give them credit for. Although not considered true “construction equipment,” a contractor’s computers, laptops and mobile devices are the easiest points of entry to employee records and confidential client or financial information.
And it’s not the “mega builders” who can prove most lucrative for a thief—small and midsize construction companies frequently have less extensive cybersecurity protection in place, so they provide easy-in, easy-out access. Also, it often takes longer for those same companies to detect and close a data breach.
Categorizing construction as a lucrative, high-cash-flow business, Percipient Networks CTO Todd O’Boyle says the industry’s small and midsize businesses tend to be prime targets “because many don’t believe it will happen to them.”
Equally appealing to criminals is the increasing volume of “smart” equipment being installed in construction projects. What could someone possibly have to gain from hacking these types of items? How about corporate and client secrets, as well as the ability to hold a project hostage until “ransom money” is paid. As Alexander Heid, chief research officer at SecurityScorecard, explains: “The focus of malicious actors on the construction industry is expected to increase significantly within the coming years as construction firms begin standardizing the integration of ‘smart’ devices and IoT [Internet of Things] devices such as thermostats, water heaters, and power systems. These new IoT devices will create a larger attack surface that previously did not exist.”
As is typically the case, the best offense against these risks is a good defense. Some tactics to consider:
- Train employees. Phishing, which occurs when e-mailing thieves pose as innocuous information seekers—“I’m from client ABC and I lost the last invoice you sent, but I’m working from home today. Could you just send it to my personal email?” It’s human nature to trust, so encourage your staff to thoughtfully consider every request before providing any sensitive information.
- Compartmentalize data. Store confidential information on off-site servers. That way, if someone hacks a laptop or computer, they can’t delve too far into restricted content.
- Update firewalls, malware and anti-virus programs. You must stay current to stay protected.
- Hire outside security experts. Your expertise is construction. Theirs is technology. Let them do their jobs, so you can focus on yours.
- Maintain adequate cybersecurity protection. There are a variety of insurance options you can consider. Depending on your policy selections, you may be protected from not only the initial breach, but any business interruption costs or subsequent legal issues and recovery. Your insurance agent also can review potential breach points, and provide ideas for risk management and insurance safeguards.
Make no mistake, construction today is about more than bricks and mortar. As with most businesses, you have financial records, personal data and information as valuable as that found in any bank. Make sure it remains secure.
