The steps outlined below will help you avoid being a victim of a cyber attack and will also benefit you in getting back on your feet if the worst happens.
Back up your data
Consider how reliant you are on business-critical data such as project plans, CAD models, client information, quotations, orders, and payment information. Consider how long you'd be able to function without them.
It's critical to preserve a backup copy of this critical data in case something goes wrong with your IT equipment or your business location. There could be an accident (such as a fire, flood, or loss), equipment theft, or ransomware (or other malware) damaging, deleting, or locking your data.
- Identify what you need to back up
- Keep your backup separate from your computer
- Make backing up part of everyday business
Protecting your office equipment from malware
Malware is malicious software, which - if able to run - can cause harm in many ways, including:
- causing a device to become locked or unusable
- stealing, deleting or encrypting data
- taking control of your devices to attack other businesses
- obtaining login details which can be used to access your businesses (or services that you use)
- using services that may cost you money (e.g. premium rate phone calls).
As well as these steps you should also consider:
- Turn on antivirus software
- Only download approved apps
- Keep your IT equipment up to date
- Switch on encryption
- Control how USB sticks/removable media are used
- Manage how your IT equipment is accessed by third parties
Keeping your phones and tablets safe
Mobile technology is becoming an increasingly significant aspect of the construction industry, with more and more being utilised on construction sites and on the go, to store increasing volumes of critical data.
- Don't leave your phone (or tablet unlocked)
- Make sure lost or stolen devices can be tracked, locked or wiped
- Keep devices and apps up to date
- Take care when connecting to public Wi-Fi hotspots
Using passwords to protect your data
Many of your own business-critical data, as well as the personal information of your clients, contractors, and suppliers, will be stored on your laptops, computers, tablets, and phones, as well as information about the internet accounts you use.
- Remember to switch on password protection
- Avoid using predictable passwords
- Use 2FA for important accounts
- Looking after your passwords
- Change all default passwords
Dealing with phishing
When thieves employ fake emails, SMS or chat messages, phone calls, or social media to deceive their victims, this is known as phishing. Their purpose is usually to get you to open an attachment or click a link. Malware can be installed if you click (or open) a link to a suspicious website or open an attachment that has been delivered to you.
- Reporting scam emails, texts, websites to the NCSC
- Make yourself a harder target
- Think about how you operate
- Check for the obvious signs of phishing
What do to if you've already clicked:
- In England, Wales or Northern Ireland, visit www.actionfraud.police.uk or call 0300 123 2040.
- In Scotland, report to Police Scotland by calling 101.
- Your bank may also be able to help if you think you've been tricked into transferring money to a criminal.
Collaborating with suppliers and partners
Suppliers offer materials, machinery, labour, and digital information to construction companies (such as specifications and designs). Even for smaller businesses, your supply chain can quickly become large and complex, involving extensive use of sub-contractors and suppliers with a high degree of payments flowing to and from businesses. Then there are the organisations you rely on that are less evident. For example, the company that provides your email service or the accounting software you use. Assaults on your suppliers' computers can be equally as devastating as attacks on your own. Therefore, while working with suppliers and partners, it's critical to use cyber security.
- Understanding your supply chain
- Consider the implications if your supplier is attacked
Preparing for (and responding to) cyber incidents
It's tough to know what to do when something unexpected happens, such as a cyber attack. Naturally, you'll want to get to the bottom of the issue as soon as possible so that you can get back to business. Malware (particularly ransomware) is becoming more widespread in the construction business, hence being prepared is critical.
Cyber exercising, which entails rehearsing your response to a cyber incident, is the greatest way to assess your staff's awareness of what's required during an incident.
- Prepare for incidents
- Identify if you're being attacked
- Resolve the incident
- Learn from the incident
If you have any questions or concerns about the cybersecurity level of your construction company, do not hesitate to contact us for a free consultation.