When it comes to the latest cybersecurity technologies, the construction industry often is a step behind. In fact, according to the “2019 Travelers Business Risk Index,” nearly half of all construction executives believe their firms are destined to fall victim to a cyberattack, yet more than 68% admit they haven’t assessed the security risks, or made plans or preparations. In order to build a better security posture, here are four strategies worth considering:
1. Start with Foundational Security Measures
Strong cyber security starts with fundamental layers of security. Any computing devices on site should be secured the same way they would be in a traditional office setting. Deploy firewalls, patch software regularly, back up your data frequently, enable core network security services and endpoint protections, etc. These are basic, but critical table stakes. New generations of ruggedized security technologies, including multi-function security appliances and Wi-Fi access points, can address historical jobsite issues like heat, dust and moisture, while remote monitoring and management tools can allow IT professionals to execute updates and monitor alerts from a central location.
2. Understand Your Adversary’s Motivations
You cannot adequately protect company data without understanding who might want to get a hold of it and why. One of the main motivations for targeting a construction site is the theft of intellectual property, such as blueprints that could provide intelligence on defeating the physical security in the future. Another could simply be compromising the supply chain to divert payments or extortion via ransomware. Attackers might even want to open a backdoor into a future tenant’s network by gaining control over the building automation systems being installed in a new development. Understanding these motivations can help you identify the best mix of security layers to implement.
3. Invest in Employee Education
Better cyber security awareness is a simple, but powerful measure, especially given how wide ranging the level of technical skill and training is across construction teams and employees. Teach all managers, employees and contractors to identify phishing attempts, flag suspicious emails, calls or wire transfer requests, and to not click on every link they receive.
4. Prioritize both Physical and Cyber Security
Some construction companies already may be undergoing digital transformation initiatives, using wireless or cellularly-connected rugged tablets and shared blueprints, and plans on digital devices rather than paper. You might be using drones for site inspections or 3D printers for prototyping. Today’s cyber criminals already are targeting tablets, smartphones and other mobile devices, and while attacks on drones or 3D printers are not as common, they are possible. Regularly update these devices, change their stock passwords and assess them for potential compromises.
Corey Nachreiner is CTO of WatchGuard Technologies. A front-line cybersecurity expert for nearly two decades, Nachreiner regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. For more information, visit https://www.watchguard.com.