Blog

6th November 2020

Beware of the dangers!

We've heard of hackers invoicing our clients' employers. Do not give them access to your project costings!

Digital technology is transforming the way we work, giving us new tools to work smarter and more profitably. Remote working, email, online payments, BIM and even the virtual conferences we're attending during the pandemic - digital is at the very heart of our businesses today.

But with great opportunity comes massive risk, which could at best cause you some short term headaches and embarrassment in front of your clients, and at worst destroy your business.

The message is clear to every Contractor and Sub-Contractor working in the construction and engineering sectors - don't bury your head in the sand when it comes to cyber threats. And don't get complacent either, as the threats are constantly evolving and becoming ever more sophisticated.

Remember too that having a poor track record for cyber security could easily get around the industry, damaging your company's reputation and preventing you from winning new work. So, the stakes for staying secure could be higher.

Even the 'big boys' are getting hit

Major cyber attacks have already cost the construction sector dearly in 2020 with some of the biggest names being hit.

Within a four-month period earlier this year, major contractors Bouygues, Bam and Interserve all fell victim to malicious actors targeting their systems according to Construction News. They say that they were the first high-profile cases of modern cyber attacks on major construction firms but, given the prevalence of technology, it is unlikely they will be the last.

As an industry we're under-prepared

The problem is, in the construction sector we are just not very well prepared for cyber threats. According to the 2020 Cyber Readiness survey by Hiscox, the Construction and Property sectors were amongst the lowest ranked in terms of being prepared for cyber attacks. These sectors ranked 12th and 13th out of the 14 Hiscox looked at.

How can we get better at cyber security?

We've previously highlighted the issue of scam emails that are affecting construction contractors and sub-contractors every day - read our email scams blog here. However, that is only one of the risks. Construction News suggest five ways to lower the risk in your business:

1) Learn about the risks, and keep learning

There is a wealth of means available online for companies to learn about defending their systems from cyber attacks, some of which can be shown through accreditation. Those available include National Cyber Security Centre-backed cyber essentials accreditations, including ISO 27001 - a gold standard for information security management. However, security isn't a start-and-stop activity - you must have a programme of continued improvement and keep at it.

2) Update software

Cyber criminals look for weaknesses in software and apps to access sensitive data, while providers work to overcome the weaknesses to protect that data. Apparently, 90% of breaches arise this way. Hence, keeping your software up to date will do you a lot of favours.

3) Make sure staff don't click scam links

As we've said previously, this is so important. Of the successful security breaches last year, 9 in 10 were from phishing links. Just recap on what these are - they are emails pretending to be from companies or individuals that include links to download malicious software instead of linking to where they appear to go.

4) Plan for the worst

It's not a case of 'if' but 'when' so assume your systems will be breached. Figure out what you would do if you came into work tomorrow and your computer systems didn't work. Do you have manual processes to fall back on so your business can keep going?

You can get some valuable planning help at the National Cyber Security Centre (NCSC) - they have produced a tool called the Exercise in a Box, which is designed to help businesses find out how resilient they are to cyber attacks and to practise their responses. Find out more about Exercise in a Box here.

5) Outsource your cyber security

Any time or money you put into cyber security should be thought of as an investment or an insurance policy. So, one way to stay secure is to appoint IT professionals to keep you on track.

And, if your business can afford it, why not? Our speciality lies with designing, building and maintaining buildings, so we mustn't assume that we all have to be computing experts too! Our advice would be to focus on what you do best and let the IT experts do the same - it would be a small price to pay if it allows you to stay fully functional and profitable.

Summing up

Cyber security is an important part of every successful business and as important as the support services that we provide. We - Quantum - are not IT security experts but we think it is something every good business owner or manager should concentrate on.

As part of the Contractor and Sub-Contractor support services that we offer, we seek to help our clients run their businesses more successfully and deliver their services to the best of their ability.

You can find out more about what we do by taking a look at out About Us section and you can always send us a message if you need some specific help.

RICS member logo, providing Quantum CPM clients with independent assurance on the quality of our services
Chartered Institute of Arbitrators (CIArb) member logo, the professional body for dispute avoidance & dispute management
Society of Construction law member, supporting its aims to promote the adoption and understanding of construction law