Cyber security and the risks faced by the construction industry

An industry that’s increasingly using technology and “smart systems” is also going to face more online security risks, and this is certainly true in the construction industry. Unsurprisingly, cyber-attacks and the failure of IT systems have been identified as being high on the list of major concerns expressed by business owners in the sector.

With the proliferation of email and other network-based systems, many more construction companies now hold sensitive data including employee records and business plans, and rely on connectivity with third-party systems.

The construction industry contributes 7% of the UK’s GDP, making it a valuable target; it’s the second hardest-hit industry for cyber-attacks in the UK, after the pharmaceutical and biotech industries. One of the most troubling aspects of the growth in IT crime is the increased targeting of smaller businesses.

Collecting and using data

No matter how big or small the company is, cyber criminals will always be looking for sensitive and personal information, and this makes the construction industry vulnerable. According to UK government statistics, 15% of construction business premises have been affected by online crime.

Many construction firms hold more data than they realise, and it all has a value to criminals. Everything, from employee and client details, payment and banking information and project plans, to intellectual property and building blueprints, is highly prized by hackers and thieves.

Back in 2013, hackers believed to be based in China accessed a construction company’s files and stole the plans for the new Australian Security Intelligence Headquarters. Needless to say, the company involved was subjected to some serious enquiries into its security systems and procedures.

Data is increasingly accessed on smartphones, tablets and laptops. It’s accessed remotely and on the move. Many workers in the construction industry use their own devices, and this poses additional security risks.

The consequences of cyber crime

The loss or compromise of data during a construction project can bring everything to a standstill. Delays have a serious impact on costs, and if the business is at fault it can be very expensive. Problems with data security often lead to industry and client relationships being strained, and seriously damage a firm’s reputation. Breaching the terms of the General Data Protection Regulation (GDPR) could lead to prosecution and large fines.

Crime prevention initiatives

There are various measures that everyone involved in a business should be aware of, including:

• Having a policy in place covering the procedures for collecting, using and handling data
• Keeping all IT systems up-to-date and having back-ups
• Installing antivirus and malware protection software, and using a secure Wi-Fi connection
• Making sure all employees understand their data handling and data protection responsibilities, including the requirements stipulated under GDPR
• Educating staff in the main areas of risk, including phishing scams and other online threats such as ransomware
• Implementing ISO 27001 to help ensure that you adopt the right policies and have the right safeguards in place to protect against security breaches.

Be aware and plan accordingly

Construction companies need to start thinking of the information they hold online as a major business asset and protect it accordingly. With online crime and hacking attacks likely to increase, everyone involved within an enterprise needs to remain vigilant. Having a clear data protection policy in place, and ensuring it’s reviewed and updated regularly, will mean your business is better protected.