In the West Midlands region, there are 219,395 registered businesses according to the National Office for Statistics. Of those businesses, 26,175 are construction firms, with 3,030 involved in the development of building projects, 4,630 in the construction of residential and non-residential buildings and 378 in electrical installation.
Here at the Cyber Resilience Centre for the West Midlands (WMCRC), we are working to support businesses within the construction industry, from one-man bands to large-scale organisations, via our FREE core membership. This has been designed to help you avoid becoming a victim of a devastating cyber-attack. Whether you’re looking to learn more about how cybercriminals can target your business or for a simple checklist to help you cover the basics, we have got you covered.
The National Cyber Security Centre recently published a cyber security guide for the Construction industry which featured these top tips:
Step 1 – Back up your data
Think about how much you rely on your business-critical data, such as project plans, CAD models, customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them.
It’s important to keep a backup copy of this essential information in case something happens to your IT equipment, or your business premises. There could be an accident (such as fire, flood, or loss), you could have equipment stolen, or ransomware (or other malware) could damage, delete, or lock your data.
You should also:
Identify what you need to back up
Keep your backup separate from your computer
Make backing up part of everyday business
Step 2 – Protect your office equipment from malware
Malware is malicious software which, if able to run, can cause harm in many ways, including: causing a device to become locked or unusable; stealing, deleting or encrypting data; taking control of your devices to attack other businesses; obtaining login details which can be used to access your business (or services that you use); and using services that may cost you money (e.g. premium rate phone calls).
To further protect your office equipment from malware, you should:
Turn on antivirus software
Only download approved apps
Keep your IT equipment up to date
Switch on encryption
Control how USB sticks/removable media are used
Manage how your IT equipment is accessed by third parties
Step 3 – Keep your phones and tablets safe
Mobile technology is now an essential part of a construction business, with more and more being used on construction sites and on the move, storing increasing amounts of important data. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than desktop equipment.
Don’t leave your phone (or tablet) unlocked
Make sure lost or stolen devices can be tracked, locked or wiped
Keep devices and apps up to date
Take care when connecting to public Wi-Fi hotspots
Step 4 – Use passwords to protect your data
Your laptops, computers, tablets and phones will contain a lot of your own business-critical data, the personal information of your customers, contractors, suppliers, and also details of the online accounts that you access. Passwords - when implemented correctly - are a free, easy and usually effective way to prevent unauthorised people accessing your devices.
The NCSC has some useful advice on how to choose a non-predictable password that you can remember:
Remember to switch on password protection
Avoid using predictable passwords
Use two-factor authentication
Look after your passwords
Change all default passwords
Step 5 – Reel in the phishing
‘Phishing’ is when criminals use scam emails, SMS or chat messages, phone calls or social media to trick their victims. Their goal is often to convince you to click a link or open an attachment. Once clicked (or opened), malware may be installed via a dodgy website you have been sent to, or via the attachment you have opened. Over the phone, the approach may be more direct, asking you for sensitive information, such as banking details.
Report scam emails, texts and websites to the NCSC
Make yourself a harder target
Think about how you operate
Check for the obvious signs of phishing (Authority, Urgency, Emotion, Scarcity and Current events)
Step 6 – Collaborate with suppliers and partners
Construction businesses rely upon suppliers to deliver materials, machinery, labour, and digital information (such as specifications and designs). Even for smaller businesses, your supply chain can quickly become large and complex, involving extensive use of sub-contractors and suppliers with a high degree of payments flowing to and from businesses.
Then there are the less obvious organisations that you rely on. For example, the provider of your email service, or the company behind the accounting software you use.
Cyber-attacks on your suppliers can be just as damaging as an attack on your own business.
This is why it’s important to employ cyber security when collaborating with suppliers and partners. You may be targeted as a way into the organisation you are supplying. This is very common in the construction industry, as you might already be working with organisations that the attacker wants to access through you.
Understanding your supply chain
Consider the implications if your supplier is attacked
Step 7 – Preparing for (and responding to) cyber incidents
When something unexpected happens, such as a cyber incident, it can be difficult to know how to react. Naturally, you will want to resolve the problem as quickly as possible so you can resume business. Malware (and especially ransomware) is becoming increasingly common in the construction industry, so it’s essential to be prepared.
Prepare for incidents
Identify if you’re being attacked
Resolve the incident
Learn from the incident
Need more support?
If you are looking for more support to make sure you’re on the right path, talk to us directly and let us help you to build the foundations for your cyber security today.