All companies are susceptible to cybersecurity attacks; however, this article focuses on some of the main vulnerabilities within the construction industry, as well as proactive steps that organizations can take to boost cyber defense.
What are some of the most common entry points for threat actors in the construction industry?
Threat actors are always looking for a way in, and the construction industry is a prime target due to the variety of ways their organizations can be attacked, including:
- Construction project management software and SaaS solutions
- Outdated security policies or lack thereof
- Proprietary company software and cloud storage
- Smartphones and laptops – used both at the office and on-site
- Subcontractors, outsourcing jobs can lead to uncertainty and lack of oversight
How can construction companies boost their cybersecurity efforts?
While there is no sure-fire solution to cyber-attacks, there are several best practices companies can take, including:
- Choosing the right software and keeping up to date on security measures/updates
- Conducting a third-party security analysis/risk assessment to develop an appropriate cybersecurity plan
- Creating an incident response plan with a trusted partner to make sure they are prepared for an incident
- For a construction company employing high numbers of workers, each of whom is logging in from a different location, zero trust security can be a good blanket policy that protects widely dispersed points of entry.
- Making employees knowledgeable about cybersecurity/ hosting training
- Exploring cyber insurance options
- Setting expectations and ensuring they are followed when dealing with 3rd party vendors
About Schneider Downs Cybersecurity
The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.
To learn more, visit our dedicated Cybersecurity page.
About Schneider Downs Construction Services
Led by a diverse group of shareholders and managers, Schneider Downs provides strategic and practical solutions for our construction clients in all facets of their business. Our dedicated team of more than 350 professionals have a wide background of tax, accounting, technological and business experience in the region, specifically in Pittsburgh and Columbus.
To learn more, visit our Construction Industry Group page.
