Planning for a Crisis: The Importance of a Cyber Security Plan in UK Construction


Cyber threats have been on the rise since March 2020.

Why is Cyber Security Important?

As technology continues to evolve and surprise, we often find ourselves playing catch-up when it comes to keeping our business data and infrastructure protected.

To ensure your construction company can immediately get to the business of helping its community, it’s vital to have a meticulous crisis plan — and the right technology — in place. Hybrid working and unparalleled reliance on computers have left many construction companies vulnerable to cyber attacks.

Phishing scams, hackers, and wire transfer scams have been on the rise since March 2020. In fact, 35% of the ransomware and methods used in attacks were unseen before 2020. However, in recent years directors seem to feel they can take their foot off the gas.

According to a recent survey by the UK government, the share of respondents who said they valued cyber security as a priority fell from 82% in 2022 to 71% in 2023. Couple this with the Cybersecurity Ventures prediction that the cost of cybercrime will grow to $10.5 trillion by 2025, and it seems companies could be setting themselves up for disastrous consequences.

If burglaries were on the rise in a business park, the designated security company would increase its presence. However, construction companies have yet to adopt a cyber security mindset. If your data is compromised, so are your business workflows, your customers’ data, and your reputation. We don’t often think about how our operations would be affected should an outage or a phishing attack occur — but we should be.

Creating a Cyber Security Business Continuity Plan

Having a solid cyber security strategy in place with actionable protective measures can reduce the chances of falling victim to a significant business disruption.

No business wants to imagine being a victim of a security breach or severe data loss, but preparing for the worst puts your business in the best position moving forward, because you can act quickly and have more control of the outcome.

The hardest part of creating a recovery plan is the first hurdle: deciding what needs to be included. This will vary from business to business, but there are factors that will remain the same for many.

We’ve outlined some of the basic questions you need to ask in order to start forming an effective crisis plan — and surprisingly, it isn’t all related to data.

  • Do you have a role acting as a central resource to manage disaster recovery across multiple departments?
  • Are your employees and clients regularly given information on best practices for UK cyber security?
  • Do you have vital personal information, like employee and customer records, securely backed up to ensure limited business disruption?
  • Do you have an outline for how you will tackle sensitive information being stolen, such as credit card details, home addresses, and system passwords?
  • Do you have a separate outline for how you will tackle sensitive business information, such as government documents, project documents and blueprints, and project login credentials?
  • Is there a set period of time in which you have to recover lost data for insurance, project, and contract purposes? What is this?
  • Do you have a continually updated inventory of equipment and assets? Is documentation like insurance and contracts up to date and backed up?
  • What would your communication plan for customers and clients look like?
  • How will you make your employees aware of the cyber security plan and any future changes that are made?

A solid cyber security disaster plan can get quite detailed and it should be consistently reviewed, practised and updated to net the best results in case of an incident.

Safeguarding Your Data: Mitigating Risk and Ensuring Compliance

Connected, cloud-based software can actually provide greater levels of data security, while reducing overhead costs.

By using cloud-based, connected construction software, contractors shift the responsibility for maintaining servers, ensuring SOC 2 Type II compliance, and handling data backup and storage to the vendor. Project and business data backups happen automatically, providing daily protection, with costs often included or rolled into users’ subscription costs. That eliminates expensive capital assets for servers, along with the IT strain and overhead of consistently maintaining the hardware.

New software features and security functionality are also rolled out automatically. By coupling the backups with cyber security protections, cloud vendors use the latest technologies to thwart cybercriminals and provide an extra level of protection not otherwise achieved through in-house backups.

The software partners you choose play an integral role in cyber security. Trimble Viewpoint UK is certified in the following:

Next Steps in Your Cyber Security Journey

Once you've combed over the basic questions and evaluated your current and prospective software vendors, what next? Well, cyber security isn't a destination — it's a journey. There needs to be a conscious effort within the business to periodically check and update your cyber security plan and processes. This includes actions such as employee training, obtaining certificates from software vendors, and learning from previous breaches in the business. Yes, it's likely that you'll have some form of breach even if you're diligent, but with the right precautions in place, the repercussions can be minimal and harmless and treated as a quick lesson in how to improve for next time.

Posted By

Tamara joined the Trimble team in 2020. She likes taking complicated subject matters and making them easy to understand. She is experienced in the construction software market with expertise in content creation and distribution. In her spare time, you'll often find her running or dog-walking (not usually at the same time.)