Cybersecurity: A Critical Risk for Construction Companies

Blog
August 20, 2018

In 2018, the construction industry faces risks from locations outside of their job sites. They are just as likely to be a target of cybercrime as any other type of business. Unfortunately, many construction companies do not have adequate safeguards in place, due to the industry’s historically low regulation standards. If you are unprepared to prevent and handle cyber-attacks, more than just your sensitive information can be lost.

All information kept on any network is valuable to hackers. In the construction industry in particular, architectural plans are a key target because it provides a gateway for clients to be attacked at their locations. Bids are also a target, providing competitors with a business advantage if they can uncover pricing information. As with any industry, construction can also be subject to cyber-attacks with monetary motives.

Breaches commonly occur through an employee’s device from hackers installing malicious software. Clicking on unsafe links and downloads could install the software on to a device. Weak passwords can also give hackers easy access into a system. In addition to malware, ransomware may be used to extort funds by blocking access to your system or network until a ransom is paid. Employee, company, and client financial information can also be stolen. These dangers become more probable when there is a lack of security in the company’s you do business with.

With modern technology, companies and employees are extremely interconnected. If any linked device lacks adequate security, the whole network  becomes vulnerable. Furthermore, even with safeguards in place, if a vendor is attacked, the connections they have to your network and system provide a path for the hacker to gain access. When Target was attacked in 2013, hackers were able to access their system by first breaching a HVAC vendor’s systems and stealing their credentials for Target’s systems.

Once an attack occurs, the damage can go beyond reputation and compromised information. You could face legal issues and incur hefty fines.

Here are some steps you can take to prevent a breach at your company:

  • Check the cybersecurity policies of vendors and subcontractors
  • Create a culture of awareness
  • Look into cyber insurance
  • Create a written Information Security Program
  • Include cybersecurity requirements in contracts

For more information, please download a copy of our “How to Develop a Cybersecurity Plan” checklist. While preventing an attack is difficult, being prepared can lessen the long-term impact should a breach occur.

For more information, please contact Payal Vadhani, lead partner of Aronson’s Risk Advisory practice, or one of our construction industry experts at 301.231.6200.