« TRUELOOK BLOG

Cybersecurity: Six Ways to Minimize risk in Construction

Six ways to improve cybersecurity

Having robust cybersecurity has not always been at the forefront of many firms risk planning. Increasingly, though, protecting critical digital systems is a necessity. Like many businesses and sectors, the threat of cybercrime has expanded for construction firms in recent years. More back office processes have been digitized and are cloud-based. Also, on the job-site, more devices like cameras and wearables are connected to the Internet of Things (IoT).

The average cost of a data breach in the industrial sector was $4.99 million in 2020. Global Data reports that more than half of construction executives believe their firms will be victims of cybercrime in the future. Though, 68% have no cyber security protection measures in place. Now, cyber systems are also considered critical infrastructure.

Cybersecurity Breach Risk is Growing

Methods used by cybercriminals and hackers are proliferating and becoming more complex and harder to recognize as malicious. Phishing attacks happen when cyber criminals use authentic-looking emails to trick individuals into revealing information such as passwords and credit card numbers. Proofpoint reports that 74% of organizations in the U.S. experienced a successful phishing attack last year. Another entry point for cybercriminals are ransomware attacks. Cybercriminals infiltrate uses vulnerabilities in cybersecurity systems and gain access critical systems like financial records or customer data and hold for ransom. These attacks more than doubled in 2021.

The construction industry is number one industry target of ransomware.

According to the Verizon 2020 Data Breach Investigations Report, social engineering schemes were the primary cyber threat plaguing the construction industry. In these emails, criminals impersonate senior management and key vendors and attempt to convince victims to wire funds or provide sensitive data that they can sell.

Cybercrime can lead to massive losses for construction firms, stemming from liability to third parties, ransom payments, legal services, business interruption and damaged reputation. Small and medium size businesses (SMBs) like many construction firms are less protected targets for cybercriminals. SMBs are a growing segment of victims. Starting with these important measures, firms of all sizes can strengthen cybersecurity now.

1. Educate employees on how to spot a threat to your cybersecurity

Spotting cybersecurity threat of phishing email

Suspicious activity often goes unnoticed for longer because it’s hard to spot. Simply educating employees on what a threat could look like and how to report it can reduce risk substantially. Specifically, they should look for the sudden appearance of new apps or programs on their devices, unusual popups or new extensions, or sudden loss of control over a mouse or keyboard. Help them look for tell-tale signs of a phishing email or social engineering attempts. These include grammatical and spelling errors, inconsistencies or suspicious attachments, and clarify procedures for reporting potential threats to the appropriate people in the organization for investigation. Make sure to normalize reporting, as well. Even if it’s a false alarm, it’s better safe than sorry.

2. Deploy multi-factor authentication for logging in

Multi-factor authentication to increase cybersecurity

One of the simplest ways to ensure that it is harder to crack your cybersecurity systems is to use multi-factor authentication (MFA) when possible. MFA is one of the National Institute of Standards and Technology cybersecurity basic measures

3. Ensure employees take care of physical devices 

lost and broken cell phone is cybersecurity threat

Forrester found that 15% of data breaches occur on lost or missing devices. Reduce the risk of lost devices being used by cybercriminals, take preemptive measures. These include steps like setting clear protocols for password protection, software updates, and shutting down and storing devices when not in use. Ensure your cybersecurity policy is clear and understandable, and communicate that protecting the organization from an attack is everyone’s responsibility. 

4. Use single sign-on for cloud-based applications

Single sign authentication box

Single sign-on (SSO) is an authentication technique using a SSO platform tool. Users then log on to several applications at once with a single ID and password. SSO platforms such as OneLogin and Okta can improve security by reducing the attack surface and eliminating the need for employees to maintain multiple passwords for separate apps. Organizations can combine SSO with 2-factor authentication to decrease vulnerability during log-on.

5. Implement device discovery and recognition software

tablet in device recovery mode

 Technology devices on construction sites are proliferating rapidly. For example, sensors, wearables, robotics and other devices on the jobsite are both innovative and more of a cybersecurity risk. IT scanning software can help IT teams create and maintain a complete and accurate inventory of all IT assets, including information about potential vulnerabilities. This enables them to determine if devices need updates or patches. If a device is running old antivirus software or an old unsupported operating system, it is more vulnerable. 

6. Encrypt sensitive information for greater cybersecurity

Fingerprint for data security encryption

 Encryption helps to prevent unauthorized people from reading data and enhances the security of communication between client apps and servers. There are various methods of encryption. You should talk to your technology vendors about how they leverage encryption in their products. This is particularly true for devices that may transmit sensitive information such as sensors, operational technology, handheld data collection devices and construction cameras.

Cybercriminals Exploit Cybersecurity Vulnerabilities

TrueLook takes security very seriously, both on the physical jobsite and the back office. We’ve designed our advanced camera solutions with security in mind. Our server and camera connections are completed over TCP/IP, and the camera interface operates entirely over HTTPS. This means all data is accessible only via an encrypted connection. Also, we offer user-level security. User accounts can be created for each project, limiting access to unwanted viewers. Users can be also assigned varying levels of access. 

Learn more about our market-leading construction cameras and how we’re enabling forward-thinking construction firms with highly secure solutions. Read up on our advanced features or schedule a live demo today.