Building A Cybersecurity Response Plan

Today’s technology benefits us in ways we couldn’t have imagined even a decade ago. It allows us to visualize buildings through intelligent modeling systems, resulting in better quality and improved delivery. It makes collaboration among stakeholders easier and helps reduce errors. It streamlines data processing and improves accuracy. Overall, technology makes us more efficient.

But it also has its drawbacks; specifically, it can open us up to cyberattacks and data security incidents. Remember Target’s infamous data breach back in 2014 — the one that compromised the sensitive information of a ballpark 110 million customers? Eventually, it was traced back to an unsuspecting HVAC contractor who helped manage the retail giant’s smart thermostats.

According to Security Today, the average cost of a data breach amounts to over $3.5 million. If that’s not troubling enough, a recent IBM Ponemom study found that 74% of construction-related organizations are neither prepared for a cyberattack, nor do they have a response plan in place to protect themselves.

Don’t wait until a breach occurs. Start filling critical security gaps now by implementing a cyber awareness program throughout your company.

Ways to avoid cyberattacks in construction

1. Train your employees
Experts estimate that 95% of cybersecurity issues are the result of human error. That’s why training is critical! Proper cyber training should include training for all employees, no matter their level or scope of work, and should include:

• Emphasizing the importance of each employee’s role in protecting company data
• Reminding them to periodically change their passwords
• Making sure no one installs any unauthorized/unlicensed software that could corrupt data
• Teaching them to safeguard any company electronics and backups by storing them in a secure place

* Keep in mind, employees with a higher level of access are more valuable targets, so their training should be more in-depth.

2. Enable multifactor authentication
Multifactor authentication (MFA) is one of the most effective ways to protect your organization against cybersecurity threats. For example, if a user is trying to access one of your business applications from an unknown device or geolocation, they’ll be prompted to enter a one- time code that only they’ll have access to. It’s just another layer of protection that helps close cyber vulnerabilities. MFA can also be used to secure physical buildings — for example, requiring an authorized badge and facial recognition to enter secure rooms with sensitive networking or telecommunications devices.

3. Backup your data
In our data-rich industry, losing any amount of it can not only compromise customer relationships, but it can damage your reputation. Take precautions against possible data breaches by regularly backing up your sensitive data and storing it off-site or on a remote server that you can access (just in case). Take time now to evaluate your current backup systema and consider upgrading your security measures if necessary. You may even consider hiring an outside firm to test your software and systems for weaknesses.

When it comes to cybercrime and security threats, the question isn’t if it’ll happen — it’s when. By creating and implementing a cybersecurity plan now, you’ll be better positioned to react when an incident occurs and minimize the impact.