3 quick wins for improved digital security in construction
Many construction companies think cybercrime mainly affects large international companies. But the reality is that cybercriminals mostly set their sights on medium-sized companies; digital security is often lower on the agenda. Large companies have in-house cybersecurity experts, but this is relatively rare among construction, civil engineering, and installation companies.
Nevertheless, it is important to pay adequate attention to online security, especially as the industry takes further steps in digitalisation and automation. In this blog, we list three quick wins that will improve online security in your construction, infrastructure, or installation company.
1. Enable safer login with multifactor authentication
In many systems holding essential data, we log in with a username and password. This is not very secure, particularly when you know that colleagues often use the same (easily hacked) password for various systems. An extra layer of security via multifactor authentication (MFA) is, therefore, always a good idea. With MFA, you make colleagues undergo an additional verification process before accessing the system.
- Step one is checking the combination of username and password.
- Step two is an extra verification based on something you have (e.g., a code in the Microsoft Authenticator App), something you know (a PIN or security question) or something you are (fingerprint, eye iris). Such an extra check makes it much harder for cybercriminals to gain access to your systems, even if they already know the combination username and password.
TIP: Those working with an IT landscape based on Microsoft technology combine extra security and user convenience with multi-factor authentication and Single Sign-On (SSO). Employees go through the more extensive MFA log-in procedure at the start of their working day but then have direct access via SSO to, for example, an ERP solution based on Microsoft Dynamics 365 Business Central and the familiar Microsoft 365 applications.
2. Challenge colleagues and work on awareness
It is tempting to think, ‘that won’t happen to me’, but the figures tell a different story. According to the latest statistics from the UK Government’s ‘Cyber Security Breaches Survey 2022‘ around 40% of businesses were affected by cyber crime last year.
Medium-sized companies are a popular target. Employees of these companies are often unaware of the dangers of cybercrime. It is, therefore, wise to occasionally check how well colleagues recognise suspicious situations. An excellent way to test this is to simulate a phishing attack. With Microsoft 365 Defender, you can send colleagues various suspicious emails: from emails with suspicious attachments to emails enticing colleagues to enter personal details online to win a gift voucher.
Depending on the result and colleagues’ scores, you can put them through individual training sessions to make them more aware of the dangers.
3. Keep systems up to date
The warehouse entrance gate, the fence around a construction site, or the office building alarm protect our assets from uninvited guests. We regularly check whether all the locks are still in good condition and ensure the alarm system is operational. Looking at access to our IT systems, we see that companies often operate with outdated systems that cannot withstand modern threats. Some software has not been updated for years, which is quite a risk as cybercriminals are somewhat keen to exploit these weaknesses. Avoid problems and make sure your software is always up to date. Choose software like 4PS Construct in the cloud or Software as a Service. These are IT solutions that you purchase as a service from the cloud. This software is always up-to-date and current; you no longer have to install updates or upgrade servers yourself. Moreover, because cloud suppliers such as Microsoft invest millions every year in adapting their software to new online threats, monitoring the security landscape, and keeping their servers up to date, you always work with the most secure software of the moment.
Want to know more?
Would you like to know more about the online threats that construction, civil engineering, and installation engineering companies need to consider? Wondering how to protect your company against them? Then also read our white paper ‘Online security in construction, civil engineering and installation’ and limit online risks.
-
Share:
Elliot Herdman | Elliot has over 20 years experience in the construction industry working with main contractors, subcontractors, M&E, supply and install analysing their business processes and implementing digital software solutions to improve projects, drive efficiencies and meet the growing needs of clients.