Contractors: Act Now to Plug Cybersecurity Holes
The coronavirus pandemic has forced many construction companies to embrace a more distributed workforce. Employees who can work remotely are keeping connected with online and mobile technology. Meanwhile, team members on jobsites may be accessing company systems from their own mobile devices. Unfortunately, information technology (IT) security plans may not be up to the challenge.
If your business’s security program is underequipped for the current climate’s influx of remote users, you may have security holes. Such holes can provide cybercriminals with access to your network. By employing the following best practices, however, you can protect your construction company and its financial systems against threats such as cyber intrusions, data breaches, phishing and ransomware.
Start With a Risk Assessment
The first step is to evaluate your networks so you understand what types of data are processed, where the data is stored and which data must be protected. For example, you’ll probably want to prioritize protection of:
- Payroll records,
- Accounts payables and receivables,
- Employee Social Security numbers and other HR information,
- Sensitive client information, and
- Drawings and blueprints of critical infrastructure.
You’ll also need to understand the legal and regulatory requirements for protecting sensitive data. From there, you can implement the tools and procedures necessary to protect it from cyberthreats. If you don’t have IT experts on your staff, work with a qualified consultant to identify your business’s risks and build a strong cybersecurity program.
Educating and Training Employees
Also critical to bolstering IT security is training employees to use the business’s technology and mitigate risks. Cybersecurity training shouldn’t be a one-time session performed during new-hire orientation or when a new device is issued to employees. Require everyone to participate in refresher training periodically as hackers initiate new types of attacks and your security plan is updated to defend against them.
One of the most important methods of preventing cybersecurity breaches is to ensure employees know how to spot a phishing or malware email. These are emails (from external and internal senders) with suspicious links or attachments that, when clicked, download malicious software. If an email appears suspicious — for example, if the sender’s language or request seems out of character — employees should immediately call the sender to verify the email. If the email can’t be verified, employees should notify your IT security expert.
Special Security for Mobile Devices
Mobile technology is becoming more prominent on jobsites, with many construction companies allowing employees to use their personal devices for certain tasks. To keep business data safe at every point of access, the personal devices and apps your employees use should be included in your company’s IT security strategy.
Take inventory of all devices and apps your team uses, including the make and version of operating systems. And ensure that your team members password-protect any devices they use for work to prevent unauthorized access if a device gets lost or stolen.
Patches and Backups
Keeping your software systems and firewalls updated is another critical preventive measure against cyberattacks. When personal computers and mobile devices are used for work, make sure your team members know to update their software and mobile apps whenever updates to patch security flaws become available.
Saving files to your computer puts the information at risk for theft or accidental deletion. So be sure to use a cloud-based solution to back up documents and files. Of course, cloud systems also provide authorized remote users quick and easy access to documents and project data at any time, from any location.
Finally, if you don’t already have it, consider buying cybersecurity insurance. This type of coverage is designed to mitigate losses from incidents including data breaches, business interruption and network damage.
Review and Audit
Technology changes rapidly, and hackers change their tactics almost as quickly. Regularly review your cybersecurity procedures and ensure employees are up to speed. You may also want to engage an outside IT security expert occasionally to perform a thorough audit. The extra cost generally is much less than what your construction business could lose should a cyberattack succeed. Contact Kirsch CPA Group at 513.858.6040 for recommendations.