Go Live UK Blog Header

Cyber Security for Construction Businesses

on | 0 comments

The steps outlined below will help you avoid being a victim of a cyber attack and will also benefit you in getting back on your feet if the worst happens.

Back up your data

Consider how reliant you are on business-critical data such as project plans, CAD models, client information, quotations, orders, and payment information. Consider how long you'd be able to function without them.

It's critical to preserve a backup copy of this critical data in case something goes wrong with your IT equipment or your business location. There could be an accident (such as a fire, flood, or loss), equipment theft, or ransomware (or other malware) damaging, deleting, or locking your data.

  • Identify what you need to back up
  • Keep your backup separate from your computer
  • Make backing up part of everyday business

Protecting your office equipment from malware

Malware is malicious software, which - if able to run - can cause harm in many ways, including:

  • causing a device to become locked or unusable
  • stealing, deleting or encrypting data
  • taking control of your devices to attack other businesses
  • obtaining login details which can be used to access your businesses (or services that you use)
  • using services that may cost you money (e.g. premium rate phone calls).

As well as these steps you should also consider:

  • Turn on antivirus software
  • Only download approved apps
  • Keep your IT equipment up to date
  • Switch on encryption
  • Control how USB sticks/removable media are used
  • Manage how your IT equipment is accessed by third parties

Keeping your phones and tablets safe

Mobile technology is becoming an increasingly significant aspect of the construction industry, with more and more being utilised on construction sites and on the go, to store increasing volumes of critical data.

  • Don't leave your phone (or tablet unlocked)
  • Make sure lost or stolen devices can be tracked, locked or wiped
  • Keep devices and apps up to date
  • Take care when connecting to public Wi-Fi hotspots

Using passwords to protect your data

Many of your own business-critical data, as well as the personal information of your clients, contractors, and suppliers, will be stored on your laptops, computers, tablets, and phones, as well as information about the internet accounts you use.

  • Remember to switch on password protection
  • Avoid using predictable passwords
  • Use 2FA for important accounts
  • Looking after your passwords
  • Change all default passwords

Dealing with phishing

When thieves employ fake emails, SMS or chat messages, phone calls, or social media to deceive their victims, this is known as phishing. Their purpose is usually to get you to open an attachment or click a link. Malware can be installed if you click (or open) a link to a suspicious website or open an attachment that has been delivered to you.

  • Reporting scam emails, texts, websites to the NCSC
  • Make yourself a harder target
  • Think about how you operate
  • Check for the obvious signs of phishing

What do to if you've already clicked:

  • In England, Wales or Northern Ireland, visit www.actionfraud.police.uk or call 0300 123 2040.
  • In Scotland, report to Police Scotland by calling 101.
  • Your bank may also be able to help if you think you've been tricked into transferring money to a criminal.

Collaborating with suppliers and partners

Suppliers offer materials, machinery, labour, and digital information to construction companies (such as specifications and designs). Even for smaller businesses, your supply chain can quickly become large and complex, involving extensive use of sub-contractors and suppliers with a high degree of payments flowing to and from businesses. Then there are the organisations you rely on that are less evident. For example, the company that provides your email service or the accounting software you use. Assaults on your suppliers' computers can be equally as devastating as attacks on your own. Therefore, while working with suppliers and partners, it's critical to use cyber security.

  • Understanding your supply chain
  • Consider the implications if your supplier is attacked

Preparing for (and responding to) cyber incidents

It's tough to know what to do when something unexpected happens, such as a cyber attack. Naturally, you'll want to get to the bottom of the issue as soon as possible so that you can get back to business. Malware (particularly ransomware) is becoming more widespread in the construction business, hence being prepared is critical.

Cyber exercising, which entails rehearsing your response to a cyber incident, is the greatest way to assess your staff's awareness of what's required during an incident.

  • Prepare for incidents
  • Identify if you're being attacked
  • Resolve the incident
  • Learn from the incident


If you have any questions or concerns about the cybersecurity level of your construction company, do not hesitate to contact us for a free consultation.


Tel: +44 (0)20 3371 7354
Email: [email protected]


Cyber Security Solutions



Leave a comment

We respect your privacy and we will not share this information to third parties.

Get in Touch

Get in touch with our Online Security Experts right now!
Contact us
Scroll Top
Cookie settings