Businesses in the construction industry, just like every other industry, are at an increasingly growing risk of a cyberattack. Even though the number of such attacks is lower in construction compared to other industries such as health care or defense, there is always a possibility that a hacker will gain access to confidential information pertaining to a business’ customers, employees or construction projects.  Once this happens, the hacker can do whatever he pleases with the information, including blackmailing the company under the threat of destroying the data.  What’s more, a hacker can also blackmail individual employees and customers by threatening to spread sensitive information if monetary demands are not met.

For this reason, it is advisable for contractors and design professionals to prepare themselves accordingly. Thanks to proper preparation, an attack, which would otherwise be a piece of cake for the hacker, may be foiled. Below are a few measures you can take to protect your business against the possibility of a cyberattack.

Employee Training

Unfortunately, many business owners underestimate the threat of cyberattacks because they think their businesses would never be a target due to their small size. This couldn’t be farther from the truth. In fact, a report prepared by Verizon in 2013 found that 85% of cyberattacked companies are small businesses. For this reason, employee training should now be mandatory.

Employee training should include education of your staff about terms such as email phishing, Trojan horses, malware, antivirus and backups. The vast majority of your employees, if not all of them, use the Internet in one way or another for work. Hackers and spammers may send email to your staff that appears to be sent by a colleague, a family member or a customer. It is crucial that your employees understand how to distinguish a spam or phishing email from a legitimate email. They should also be taught how to perform regular antivirus updates and scans. Antivirus programs are only capable of detecting a virus if the virus is recognized in the database. Regular antivirus database updates are therefore necessary. Furthermore, malware may be present on an employee’s computer without that person or the installed antivirus program noticing until after the computer has been scanned for viruses.  If scans are only being done every few months, this can present a major problem.  So doing regular scans is also a good idea.

Incident Response Plan

Research performed by QBE Insurance Group in 2013 found that only 44% of companies in the construction industry claimed to have some sort of cybersecurity plan in place. This is in stark comparison to the financial services industry, where 94% of all businesses surveyed claimed to have an incident response plan in tact.  Regardless of your business’s size, you need to have some sort of plan in place so that you’re prepared if the unthinkable happens.

A proper cyber incident response plan should decrease suffered damage, increase the confidence stakeholders have in the company, and reduce recovery costs and time. It should outline exactly what needs to be done in the event of an attack and make decision making easier by outlining who will have the decision-making power if or when things go awry. This ensures responses can be made quickly. The plan should also facilitate internal, as well as external coordination.  Internal coordination should consist of communication between individual departments, whereas external coordination should make communication with third parties – including cybersecurity consultancy firms, forensic firms and attorneys – easier.

Using Secure Equipment

Last but not least, your construction company may benefit greatly by using secure industrial computers and tablets to safeguard confidential data. Using devices with CAC card readers or biometric scanners will help to protect your sensitive data because only authorized individuals will be able to access it.

Often times in the construction industry, tablets and other devices wind up on construction jobsites. Sensitive data is often stored on such devices. Unfortunately, it’s not uncommon for a device to be lost or stolen while on-site, which puts your business at an increased risk of sensitive data winding up in the wrong hands. Using hardware that can make accessing this type of data extremely difficult helps protect your business from things like this happening.


There is no concrete or definitive method of dealing with the risk of cyberattacks. Although the probability of a cyberattack on a construction business is lower than in the other industries, it can – and does – happen. By following the advice outlined in this article, you’ll help to minimize the chances of it happening to your business.