Construction industry data is more valuable than you think

Think about your client base, the sensitive information that you hold on current, past and future projects. The leaking of market-sensitive information, intellectual property or other confidential information could have serious financial consequences which could cause your business  highly publicised and embarrassing public relations, or worse, these security breaches could cost your business lost clients, considerable downtime or large regulatory fines. More details are here. It isn’t just hackers you need to be protecting yourself against either, multiple sets of employees, consultants and contractors, could all provide an element of risk when it comes to a data breach. Don’t forget, it is a legal requirement for construction companies to ensure that all data is held securely and is used in the correct way. GDPR and Construction Be aware of GDPR (General Data Protection Regulation) and what it means to you. As the construction industry faces a migration towards more digitalised, integrated and complex systems such as BIM and Procore, the potential impact and risk to the data being held by companies is increasing. GDPR is coming. In an effort to make sure companies are doing everything they can to protect their data – this EU legislation is coming in to force from May 2018 and companies need to be ready. Bringing penalties of up to €20 million, or, if higher 4% of total revenues for those who don’t comply. Building a safer cyber environment Keeping systems up-to-date, having back-ups, secure Wi-Fi, installing anti-virus and building an internal policy to educate staff all helps to reduce risk. Perhaps start by having a frank discussion with your IT support provider to ensure you are doing everything you can. Here are a few more tips to help protect your business: • Consider getting the ISO 27001 certification, which proves you are following the necessary security policies and procedures. • Make sure your finance team are well trained and kept on high alert for phishing scams. • If you have multiple connected users, make sure you install a privileged account security solution on each device. It will help to reduce your chances of sensitive data being accessed. It also makes it easier to control should a device be mislaid or stolen. • Installation of software that provides real-time protection and automatically receives the most up-to-date malware definitions. • Establish Incident Response Plans. Prepare a plan for responding to an incident. • Establish Lines of Communication. In responding to a cyber-attack and its aftermath, communication is key. If the worst happens, ensure that lessons are learnt to help protect you from attacks in the future and have an insurance programme in place. Some additional information is available here: One in six construction companies affected by cyber crime Cyber criminals target construction sector It is just a matter of when not if