Tamara Higham, marketing executive at Viewpoint, discusses the importance of integrating a cybersecurity plan into your construction business
The past twelve months have been challenging, but one positive lesson has been the importance of having a “just in case” plan. (Remember the toilet paper roll and pasta saga of March 2020?) Although we may have learned the importance of planning the hard way — some of us now have toilet paper reserves for years — we do not often apply this same mindset to keeping our business data and infrastructure protected.
To ensure your construction company can immediately get to the business of helping its community it’s vital to have a meticulous crisis plan — and the right technology — in place. Remote working and unparalleled reliance on computers have left many construction companies vulnerable to cyberattacks.
Phishing scams, hackers, and wire transfer scams have been on the rise since March 2020. According to Deloitte, 35% of ransomware and methods used on attacks were previously unseen before the pandemic, whilst police data analysed by Nexor shows that there was a 31% increase in security breach cases from May to June 2020.
If burglaries were on the rise in a business park, the designated security company would increase its presence. However, construction companies have yet to adopt a cybersecurity mindset. If your data is compromised, so are your business workflows, your customers’ data, and your reputation. We don’t often think about how our operations would be affected should an outage or a phishing attack occur — but we should be.
Creating an effective construction cybersecurity plan
No business wants to imagine being a victim of a security breach or severe data loss, but preparing for the worst puts your business in the best position moving forward, because you can act quickly and have more control of the outcome.
The hardest part of creating a recovery plan is the first hurdle: deciding what needs to be included. This will vary from business to business, but there are factors that will remain the same for many.
We’ve outlined some of the basic questions you need to ask in order to start forming an effective crisis plan — and surprisingly, it isn’t all related to data.
- Do you have a role acting as a central resource to manage disaster recovery across multiple departments?
- Are your employees and clients regularly given information on best practices for cybersecurity?
- Do you have vital personal information, like employee and customer records, securely backed up to ensure limited business disruption?
- Do you have an outline for how you will tackle sensitive information being stolen, i.e. credit card details, home addresses, system passwords.
- Do you have a separate outline for how you will tackle sensitive business information, i.e. government documents, project documents and blueprints, project login credentials.
- Is there a set period of time in which you have to recover lost data for insurance, project, and contract purposes? What is this?
- Do you have a continually updated inventory of equipment and assets? Is documentation like insurance and contracts, up to date and backed up?
- How would your communication plan to customers and clients look?
- How will you make your employees aware of the cybersecurity plan and any future changes that are made?
A solid cybersecurity disaster plan can get quite detailed and it should be consistently reviewed, practised and updated to net the best results in case of an incident.
Safeguarding your data
By using cloud-based, connected construction software contractors shift the responsibility of maintaining servers, ensuring SOC 2 Type II compliance, and data backup and storage. Project and business data backups happen automatically, providing daily protection, with costs often included or rolled into users’ subscription costs. That eliminates expensive capital assets for servers or IT strain and overhead to consistently maintain the hardware.
New software features and security functions are also rolled out automatically. By coupling the backups with cybersecurity protections, cloud vendors use the latest technologies to thwart cybercriminals and provide an extra level of protection not otherwise achieved through in-house backups.
The software partners you choose play an integral role in cybersecurity. Viewpoint UK is certified in the following:
- ISO 27001
- SOC I and SOC 2 Type II
- Cyber Essentials Plus
- Amazon Web Services (AWS)
- Microsoft Azure
For more information about how Viewpoint can help your business, please email UKSales@Viewpoint.com.