Construction Best Practices

Planning for a Crisis: The Importance of a Construction Cybersecurity Plan


Cyber threats have been on the rise since March, 2020.

As technology continues to evolve and surprise, we often find ourselves playing catch-up when it comes to keeping our business data and infrastructure protected.

To ensure your construction company can immediately get to the business of helping its community it’s vital to have a meticulous crisis plan — and the right technology — in place. Remote working and unparalleled reliance on computers has left many construction companies vulnerable to cyberattacks.

Phishing scams, hackers, and wire transfer scams have been on the rise since March 2020. According to Deloitte, 35% of ransomware and methods used on attacks were previously unseen before the pandemic, whilst police data analysed by Nexor shows that there was a 31% increase in security breach cases from May to June 2020.

If burglaries were on the rise in a business park, the designated security company would increase its presence. However, construction companies have yet to adopt a cybersecurity mindset. If your data is compromised, so are your business workflows, your customers’ data, and your reputation. We don’t often think about how our operations would be affected should an outage or a phishing attack occur — but we should be.

Creating an Effective Construction Cybersecurity Plan

Having a solid cybersecurity strategy in place with actionable protective measures can reduce the chances of falling victim to a significant business disruption.

No business wants to imagine being a victim of a security breach or severe data loss, but preparing for the worst puts your business in the best position moving forward, because you can act quickly and have more control of the outcome.

The hardest part of creating a recovery plan is the first hurdle: deciding what needs to be included. This will vary from business to business, but there are factors that will remain the same for many.

We’ve outlined some of the basic questions you need to ask in order to start forming an effective crisis plan — and surprisingly, it isn’t all related to data.

  • Do you have a role acting as a central resource to manage disaster recovery across multiple departments?
  • Are your employees and clients regularly given information on best practices for cybersecurity?
  • Do you have vital personal information, like employee and customer records, securely backed up to ensure limited business disruption?
  • Do you have an outline for how you will tackle sensitive information being stolen, i.e. credit card details, home addresses, system passwords.
  • Do you have a separate outline for how you will tackle sensitive business information, i.e. government documents, project documents and blueprints, project login credentials.
  • Is there a set period of time in which you have to recover lost data for insurance, project, and contract purposes? What is this?
  • Do you have a continually updated inventory of equipment and assets? Is documentation like insurance and contracts, up to date and backed up?
  • How would your communication plan to customers and clients look?
  • How will you make your employees aware of the cybersecurity plan and any future changes that are made?

A solid cybersecurity disaster plan can get quite detailed and it should be consistently reviewed, practised and updated to net the best results in case of an incident.

Safeguarding Your Data

Connected, cloud-based software can actually provide greater levels of data security, while reducing overhead costs.

By using cloud-based, connected construction software contractors shift the responsibility of maintaining servers, ensuring SOC 2 Type II compliance, and data backup and storage. Project and business data backups happen automatically, providing daily protection, with costs often included or rolled into users’ subscription costs. That eliminates expensive capital assets for servers or IT strain and overhead to consistently maintain the hardware.

New software features and security functionality are also rolled out automatically. By coupling the backups with cybersecurity protections, cloud vendors use the latest technologies to thwart cybercriminals and provide an extra level of protection not otherwise achieved through in-house backups.

The software partners you choose play an integral role in cybersecurity. Viewpoint UK is certified in the following:

  • ISO 27001
  • SOC I and SOC 2 Type II
  • Cyber Essentials Plus
  • Amazon Web Services (AWS)
  • Microsoft Azure

For more information about how Viewpoint can help your business, please email [email protected].

Posted By

Tamara is a Marketing Executive at Viewpoint, joining the team in 2020. She is experienced in the supply chain software market with expertise in content creation and social media marketing.