Did you know that an employee’s seemingly innocent comment about your business posted on a social media site could put company data in jeopardy? Or that a vendor’s phone number could make your computer system vulnerable to attack?

“Businesses often underestimate the value of the data they have. They assume that names and emails aren’t as valuable as more personal data, such as social security numbers or credit cards, but the fact is all types of information should be held close,” says David Thomas, CEO and co-founder of Evident, a platform that keeps personal information secure for businesses.

“Most types of information a business collects on customers, partners, or employees is valuable to a hacker,” says Thomas.

Construction company data at risk

If your company’s information is stored in one centralized database—as is often the case with construction businesses—you are at risk of a breach.

“Businesses often underestimate the value of the data they have.” – David Thomas, CEO and co-founder of Evident

“Hackers need only crack one repository of data. This gives them access to thousands of data points related to workers, customers, and vendors,” says Thomas. “Since the construction industry regularly hires workers across multiple locations, key information can easily become at risk.”

The fallout may be enormous. In fact, it was an HVAC contractor’s data breach that led to hackers gaining access to 40 million shopper credit and debit cards during a 2013 Target breach.

Software that allows the sharing of architectural renderings also puts construction companies and their customers at risk. Hackers may be able to access architectural designs, including security system layouts.

Securing your company’s data

Given the sophistication of today’s hackers, it takes a broad approach to protect your company data. Phishing and malware are two of the most common data security threats, and they both rely on human error or ignorance.

“Businesses need to prioritize security, starting with the training and education of all staff that have direct or even indirect interaction with personal data,” says Thomas. “Creating rigorous guidelines and ongoing training for team members can be the difference maker in the face of a threat.”

There are several steps you can take to establish security protocols that will help keep your company information safe.

1. Educate about the risks of social media

Employees may reveal a great deal about themselves on social media. This allows hackers to “scrape” those sites for information that can be used to craft phishing emails. As a result, employees receive emails with what seems like valid information. If they then unwittingly click on fake websites, your workers can introduce malware onto the company’s computer system.

Counsel employees to always check the source of an email before clicking on any links or attachments. Also require your employees not to post carelessly on social media about the company — especially its internal business or any trade secrets.

2. Establish security protocols

There should be strict processes and procedures for how information from customers, vendors, and employees is handled. “Information provided by an applicant or even subcontractor needs to be thoroughly vetted to ensure that it is secure, valid, and accurate,” says Thomas.

3. Provide mobile device education

Explain to employees and vendors how mobile devices can open a point of entry for hackers. Provide instructions for how to protect information on mobile devices. This is especially important if employees connect them to the company’s internal network. Manage what devices employees are allowed to use on internal networks and what’s permitted to go on those devices.

4. Require secure passwords

Hackers often gain access to computer systems because of weak passwords. An effective password is at least eight characters that are a combination of numerals and letters. The password should be complex, difficult to guess, and random. If possible, use two-step verification. This requires a code texted to a cellphone in order to sign in.

The threat of a breach to your company is real and becoming more imminent. “Cyber criminals are getting smarter and are actively looking for opportunities to access large volumes of data with the least amount of effort,” says Thomas. “The only way for a construction company to decrease the risk of a breach is to make cybersecurity a priority.”