The coronavirus pandemic has forced many construction companies to embrace a more distributed workforce. Employees who can work remotely keep connected with online and mobile technology. Meanwhile, team members on jobsites may access company systems from their own mobile devices. Unfortunately, information technology (IT) security plans may not be up to the challenge.
An underequipped cybersecurity program may have security holes in light of the current climate’s influx of remote users. Such holes can provide cybercriminals with access to your network. By employing the following best practices, however, you can protect your construction company and its financial systems against threats such as cyber intrusions, data breaches, phishing, and ransomware.
Start With a Risk Assessment
Evaluate your networks so you understand types of data processing, storage, and protection. For example, you’ll probably want to prioritize protection of the following:
- Payroll records
- Accounts payables and receivables
- Employee Social Security numbers and other HR information
- Sensitive client information
- Drawings and blueprints of critical infrastructure
You’ll also need to understand the legal and regulatory requirements for protecting sensitive data. From there, you can implement the tools and procedures necessary to protect it from cyberthreats. If you don’t have IT experts on your staff, work with a qualified consultant to identify your business’s risks and build a strong cybersecurity program.
Educating and Training Employees
Cybersecurity training shouldn’t be a one-time session performed during new-hire orientation or when issuing new devices to employees. Require everyone to participate in refresher training periodically as hackers initiate new types of attacks and you update your security plan to defend against them.
Ensure employees know how to spot a phishing or malware email. These are emails (from external and internal senders) with suspicious links or attachments that, when clicked, download malicious software. If an email appears suspicious — for example, if the sender’s language or request seems out of character — employees should immediately call the sender to verify the email. If the email can’t be verified, employees should notify your IT security expert.
Special Security for Mobile Devices
Mobile technology continues to increase on jobsites, with many construction companies allowing employees to use their personal devices for certain tasks. To keep business data safe at every point of access, the personal devices and apps your employees use should be included in your company’s IT security strategy.
Take inventory of all devices and apps your team uses, including the make and version of operating systems. And ensure that your team members password-protect any devices they use for work to prevent unauthorized access if a device gets lost or stolen.
Patches and Backups
When personal computers and mobile devices are used for work, make sure your team members know to update their software and mobile apps whenever updates to patch security flaws become available.
Saving files to your computer puts the information at risk for theft or accidental deletion, so be sure to use a cloud-based solution to back up documents and files. Of course, cloud systems also provide authorized remote users quick and easy access to documents and project data at any time, from any location.
Finally, if you don’t already have it, consider buying cybersecurity insurance. This type of coverage mitigates losses from incidents including data breaches, business interruption, and network damage.
Review and Audit
Technology changes rapidly, and hackers change their tactics almost as quickly. Regularly review your cybersecurity procedures and ensure employees are up to speed. You may also want to engage an outside IT security expert occasionally to perform a thorough audit. The extra cost generally is much less than what your construction business could lose should a cyberattack succeed. Contact us for recommendations.
© Copyright 2021 Thomson Reuters.
Disclaimer of Liability
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability and fitness for a particular purpose.