How’s your construction company’s cybersecurity and will you get hacked?


  • Over 70 percent of cyber-attacks target small businesses.
  • Your company holds personal information on clients and employees as well as project specifications and other proprietary information.
  • Train employees on cyber-safe practices, keep your security software up to date, and remain diligent in assessing your cyber-security risks.

As the construction industry continues to adopt technology at a rapid pace, the issue of cybersecurity has become critical. Don’t think that just because you are a small contractor or use little software in your work, you aren’t under threat.

According to statistics from the National Cyber Security Alliance, more than 70 percent of cyber-attacks target small businesses. Over half of small businesses have reportedly experienced a cyber-attack, and nearly two-thirds of small to medium companies that are hacked go out of business within six months.

Over half of small businesses have reportedly experienced a cyber-attack.

Being big doesn’t make business immune, however. Everyone probably remembers the hack of retail giant Target’s billing system in 2013, an act which left many millions of customers vulnerable to credit card fraud.

Who wants your data?

The same hackers that want anyone’s data. Think about it—your company holds personal information and a wealth of other data, from intellectual property (yours and your clients’) to architectural drawings and project specifications. What would that information would be worth to a competitor?

Then imagine what hacking would do to the trust you have built with clients as well as employees.

Construction companies are at high risk because of three common practices:

  • A highly mobile workforce, meaning the typical employee works away from the office and uses a mobile smartphone for most communication.
  • File and data sharing outside the company with clients, subcontractors, and municipal agencies.
  • High turnover of employees. Anyone who leaves can take the information—or access to it—with them.

Anytime you or your employee use a mobile phone, tablet, or PC for business, you open your network to malware, ransomware, phishing attacks, and Distributed Denial of Service (DDoS) attacks.

How to protect your data

A combination of training, software maintenance, and diligence can set you on the road to a cyber-secure business.

Create policies and train your employees to follow best security practices, like keeping information confidential. Don’t let workers talk about anything under wraps out on the job site or in association meetings where they can be overheard. They shouldn’t be sharing information publicly, anyway.

Help your workers understand the importance of keeping passwords secret. Educate workers to never click links from unknown sources that could introduce a virus into your system, creating a backdoor for hackers to enter and steal your data. Also, lock down your IT policy, and implement requirements for severing system access once an employee or contractor is released.

Keep your software updated. You can install anti-virus software and firewalls, but if you don’t keep them updated, it won’t be long before a hacker has worked around your older versions.

That said, you have several software options to keep your data secure, including those listed above. You can install email and web filtering on your network and advanced threat detection for email and links.

Do your due diligence. Always perform a background screen on employees and contractors before allowing them access to your information. Do regular risk assessments of your systems to make sure you have plugged as many potential leaks as possible. Place strong permission controls on who is allowed to access each type of file. Most software solutions will enable you to limit access by individual or by level.

There is no guarantee that your company won’t suffer a cyber-attack, but you can certainly make it harder for hackers. If you are hacked, follow a policy of transparency for those whose data has been stolen and ask for help from a cybersecurity firm to help you shore up your defenses, if needed.

Guard your information, train your employees in safe practices, and keep your security software updated, including the operating systems on your mobile phones. Starring in the next cyber attack news story isn’t the type of publicity you want.

Keep fueling up! Here's your next article recommendation...

Sign up. Stay fueled.

Sign up. Stay fueled.