The Ultimate Guide to Cybersecurity in Construction Industries

We live in an age where almost everything is connected to the online, digital world. And with the rise of smart devices and IoT (“internet of things”), the amount of web-based devices and appliances will only continue to grow in coming years. Technology is also becoming a key ingredient to running an effective construction or field service business, whether through helpful apps or high-tech hardware.

While technology has changed the way the world functions and paved the way for countless innovations, it’s also had another, unanticipated consequence: increased cyber attacks.

How serious is cybersecurity really?

As the world continues to go digital—from businesses to the government to private individuals—it also leaves these groups more vulnerable to cyber crimes such as identity theft, phishing, malware infestation, drained bank accounts, and more.

Unfortunately, this is far from an uncommon occurrence. In fact, according to a recent Harris Poll, over 60 million Americans were victims of security breaches like identity theft in 2018 alone. If you live in the United States, you’re even more likely to be the victim of a cyber attack—as the same report found the U.S. to be the #1 target for hackers.

Individuals aren’t the only targets: Businesses of all kinds commonly fall prey to cyber attacks, and these come with a high price tag. According to IBM’s cybersecurity research hub, Ponemon Institute, the cost of an average data breach to a U.S.-based company is $7.9 million. This is partly because it takes the same business an average of 196 days to identify a data breach is happening in the first place.

To combat these hackers, the field of cybersecurity was created. The definition of cybersecurity refers to the processes and technology designed to protect networks, devices, and data from attacks or any form of unauthorized access by cyber criminals.

Why is it so difficult to protect yourself from a cyber attack?

One of the main reasons cyber attacks are so common is simply the sheer number of apps, websites, social media platforms, ecommerce retailers and other online outlets that have access to your private information. Not all sites are created equal, so their attention to cybersecurity and privacy can vary widely, leaving your data at risk.

While technology has changed the way the world functions and paved the way for countless innovations, it’s also had another, unanticipated consequence: increased cyber attacks.

You might be surprised to learn how organized and collaborative many cybercrime rings lurking in the Dark Web are when it comes to sharing and selling information, organizing attacks and more. This makes their goal of accessing your sensitive business data that much more attainable. Additionally, when you run a construction or field service business with a shared network or cloud system?, you need to worry about more than securing your information on an individual level. You have to do the same for your employees, who might be operating on company phones, tablets, and other devices. If one of your employees opens up a hacker’s attachment or file sent through a phishing email, the safety of your entire system could be compromised.

Why is construction cybersecurity so important?

There’s always a tradeoff when it comes to using Internet-based tools and apps. In exchange for the problems this software solves, you put your data and personal information at risk (again, depending on the practices of the host company selling you the software). However small or unlikely that risk is, it could cost you big-time, so you’ve got to be prepared. Here are some of the most common repercussions for businesses that were victims of a cyber crime.

Leaked records and files

If a hacker zeroes in on your business, sensitive information such as your credit card information, business account details, tax ID numbers, employee health records, and more could be exposed. With this information in circulation across the Dark Web, it becomes easier and easier for repeat attacks to occur. For a fee, hackers can sell your private information to fellow cyber criminals, making it simple for them to log into your personal accounts, drain your bank accounts, access your health records, and much more.

Lost money

With access to personal information, attackers are more easily able to hack into your company’s bank account. While most banks have become adequate at identifying fraudulent charges early on, it’s still difficult to catch everything. Because cash flow is king in construction with everything from payroll to materials procurement, having instant access to business funds is critical to the success or failure of your company—and credit card or bank account issues could mean project failures or even lost business.

Lost time

The ripple effects of a cyber attack exist long after the issue is discovered and resolved. You’ll need to spend time away from your business rebuilding infrastructure, hiring experts to fix these problems, communicating back and forth with banks and more—giving you less time to land deals, build your team, and move your business forward.

The 3 most common forms of cyber attacks

While there are dozens of types of cyber attacks, here are the most common types for American businesses.

Malware breaches a network through a vulnerability—usually from a user clicking a dangerous link or email attachment which then installs risky software. From there, the attacker can access sensitive information, make the system non-functional, and more.

Phishing: Phishing is the practice of sending fraudulent messages that appear to come from a reputable source, typically through email. The goal is to steal private data such as credit card information and login credentials, or to install malware on the victim’s machine.

Man-in-the-middle attacks: Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when cyber criminals insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data. This commonly happens on unsecured wifi connections and hotspots.

How to protect your company from cyber attacks

The reality today is that no matter how careful we are, no matter how well we design our strategies or how thoroughly we educate and engage employees, we’re never 100% safe against a cyber-attack.
– Marc van Zadelhoff, former VP of IBM Security

While van Zadelhoff is right—there isn’t a surefire, foolproof way to protect your company from security breaches and critical infrastructure cyber attacks—there are a few steps and powerful strategies you can implement to make it much less likely you’ll fall prey to them. Here are four places to start.

1. Educate your employees.

As the owner or operator of a construction business who is already spinning a dozen plates in the air, it’s easy to overlook educating your employees on best practices to prevent cyber crimes. Yet, whether you have workers who run your social media accounts, business-related email addresses for workers, or devices your employees use such as company phones and tablets, your data could be at risk—which is why educating your employees could go a long way.

To start, be sure your workers know to:
• Not open email attachments from unknown people while on any company device or while logged into their company email—which could be phishing emails
• Only log into secure wifi networks while on company devices
• Change their passwords on a regular basis
• Make sure passwords are secure by including a combination of capital letters, lowercase letters, number, and non-numerical symbols

2. Select the right cybersecurity partner.

Your data isn’t something your business can afford to gamble with, which is why it’s crucial to choose proven, trusted cybersecurity partners with the experience needed to protect your private information. Some of the key players in this area are Symantec, McAfee, and FireEye—all of which have a long history of customer success.

There are loads of other vendors out there in the marketplace. To help you curate the good from the bad, you can search on platforms like TrustPilot and Software Advice, both of which provide in-depth reviews of apps.

3. Keep up with the cybersecurity landscape.

By staying updated with the cybersecurity landscape, you’ll stay educated on any new forms of cyber attacks that hackers are trying to use on people and businesses. Remember,hackers are some of the most savvy computer programmers around, and their tactics won’t stay the same year after year. As technology moves forward, so do the ways in which cybercrime can threaten the livelihood of your business, making it important to stay abreast of the overall landscape.

One recommendation is to visit CSO, an online publication that regularly posts news, think-pieces, and how-to content on all things cybersecurity.

4. Make sure your third party tools are secure.

With such a large number of apps for every aspect of business nowadays, it can be easy to overlook applying safety measures on everyone you use on a regular basis. Yet, these apps often have access to your private information just the same as others. Before using a third party tool or app, be sure they have a long history of taking their customers’ privacy seriously.

This can be done in a number of ways:

  • Examining customer reviews on platforms like the iTunes App Store, TrustPilot, Software Advice and similar sites.
  • Typing the company’s name into Google with the phrase “security breach” or “privacy leak” to see if there have been any recent hacks into their system.
  • Taking a few minutes to read through the company’s Terms and Conditions to see if and where the company is selling your personal data to advertisers.

Here at ExakTime, we take the privacy of our customers extremely seriously. This is why we never collect any data off the clock, and completely anonymize all information collected during workers’ shifts. All your ExakTime data is stored in our secure cloud, Microsoft Azure, software trusted by 95% of all Fortune 500 companies—so we are giving you the best that the secure internet can provide for your company’s precious payroll and time and attendance data. We have a strong track record of staying true to these values. With all the third parties you decide to invest in, be sure they exhibit the same core values.

Cyber attacks can happen at any moment, both in your personal and professional life. While it’s unlikely there will ever be a bulletproof, all-in-one solution to put an end to cyber crime, there are preventative steps you can take to put your company is the best position possible to avoid them from happening. This year, put safety first by putting cybersecurity at the forefront of your business strategy.