Cyber security is a hot topic these days as businesses and organizations grapple with how to protect themselves in our technology dependent world. What started as annoying pranks that didn’t do much harm has now turned into its own illegal international industry. Cyber crime is a plague that is showing no signs of slowing.
How can construction companies protect themselves, their people and their assets from cyber criminals? The answer lies in safety. Edward Pyle, SCSA’s vice president, worked as an IT consultant for many years before joining SCSA—and he has some good advice to share.
Construction meets the cyber world
“Construction—due to its cyclical, transient nature—may not seem like the typical target for cyber crime,” says Pyle. “However, no industry is immune. Construction may be even more vulnerable because of its focus on operations and timelines—and perhaps not prioritizing IT like other sectors do.”
The cost of doing nothing
The financial impact of an incident can be devastating for a business. The construction industry works on tight timelines and tighter margins. A cyber security breach can irreparably harm your reputation and do costly damage to your bottom line. “For example, if your systems are locked up with ransomware, can you afford to be ‘down’ for days or weeks, dealing with the issue?” asks Pyle.
There are many basic steps construction companies can take to protect themselves. The first step is to apply the same rigour to cyber security as you would to safety. “It’s risk management in the same way you manage risk with safety,” says Pyle. “Identify the issues, address them with the appropriate protocols, and cultivate the same commitment to security as you have toward safety. The danger of cyber attacks is intangible but real, and cyber crime is only going to get more sophisticated. It’s well worth the effort and investment to ensure your business is protected and your employees are educated.”
Beginning your journey in cyber security doesn’t have to be intimidating. Pyle says training goes a long way to protect yourself and your company. “There are affordable online learning tools out there that can teach your team about cyber security topics, trends and best practices,” he says. “Often, cyber criminals find their way in through staff accidentally clicking on an email link. Teaching people what to look for is a good first step.”
Keep your systems up to date. Pay attention to notifications on all of your devices to update operating systems periodically and keep protections current. Staying on top of important updates, including your anti-virus program, prevents the wrong people from finding a way into your systems.
Stay informed and get help when you need it. “There are experts that can assess your systems and determine what you might need to upgrade,” says Pyle. “Plus, there are many blogs and online sources of good information about what’s happening in cyber security. Keep an eye on things and address issues as they arise.”
Don’t be afraid to ask questions and follow up. “Trust your instincts. If that email from the CEO asking you to pay an invoice or change some banking information sets off an alarm for you, follow up with the person to verify the request,” he says. “A quick phone call to make sure you’re doing the right thing can prevent a major incident. Several large organizations have been taken in by what looks like a simple email with a basic task. It never hurts to
make sure what you’re being asked to do is legitimate.”
Work with people you can trust. “Security doesn’t end with your business,” says Pyle. “Vendors can also make you vulnerable. Do business with organizations that are trustworthy and credible. Making the effort to communicate beyond email exchanges can help build a healthy rapport so you can better detect when something seems off. Always remember the adage: it’s too good to be true, it probably is.”
Safety leads the way
Treating cyber security like safety is the best way to ensure it gets the attention it needs every day. Just like safety, cyber security is all about preventing problems before they happen. “Cyber incidents are the tech version of a physical safety hazard,” says Pyle. “Give it the same attention and you should be protected from the world of cyber crime.”