Construction businesses are now being offered cyber security advice from the National Cyber Security Centre, on how to protect their businesses from online threats
The new guidance has been launched with the Chartered Institute of Building and is aimed at small and medium-sized firms.
Construction businesses of all sizes continue to be targeted for cyber attackers due to the sensitive data they hold and the high-value payments that they handle.
The new guide offers practical advice for each stage of construction, from design to handover, and sets out the common cyber threats the industry faces, including spear-phishing, ransomware and supply chain attacks.
‘Reducing the chances of falling victim to a cyber-attack’
Sarah Lyons, NCSC deputy director for Economy and Society Resilience, said: “As construction firms adopt more digital ways of working, it’s vital they put protective measures in place to stay safe online – in the same way you’d wear a hard hat on site.
“That’s why we’ve launched the new Cyber Security for Construction Businesses guide to advise small and medium-sized businesses on how to keep their projects, data and devices secure.
“By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber-attack and build strong foundations for their overall resilience.”
‘Easy to follow, practical advice’
Construction minister Lee Rowley also commented: “Data and digital technology is helping to make the construction industry more productive, competitive and sustainable. However, with this new technology comes threats that businesses must be wary of and take action to defend themselves from.
“This guide provides firms with easy to follow, practical advice to improve resilience to online threats, which will help to ensure projects are delivered on time and securely.”
The advice is split into two sections, which is aimed at helping business owners and managers to understand the importance of cyber security, and advising IT staff within construction companies on actions to take.
The seven steps for boosting resilience include creating strong passwords, backing up devices; how to avoid phishing attacks; collaborating with partners and suppliers; and preparing for and responding to incidents.
‘The consequences of poor cyber security should not be underestimated’
Caroline Gumble, chief executive of the Chartered Institute of Building, said: “The consequences of poor cyber security should not be underestimated.
“They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing. As such, managing data and digital communications channels is more important than ever.
“This guide provides a timely opportunity to focus on the risks presented by cybercrime, something that has been highlighted by CIOB for some time. We’re now delighted to partner with the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) to produce another invaluable resource.”
A survey from the Department for Digital, Culture, Media and Sport of all types of businesses found that last year more than a third of micro and small businesses reported falling victim to a cyber security breach or cyber-attack, with this increasing to 65% for medium-sized businesses.
