Document Security in Construction

Construction Leaders: Is Your Document Data Secure?

As the construction industry becomes more digital, here’s what leaders can do to have the right protocols in place to ensure critical document and project data remains secure

In an increasingly digital and interconnected world, many companies overlook one of the simplest technology tools that can have an outsized impact on productivity and efficiency: document security.

Understanding the importance of the protection and dissemination of data included in construction documents is the first step in supporting the growth and efficiency of the architecture, engineering, construction and operators (AECO) industry.

A recent study by Autodesk and FMI estimates that bad data cost the global construction industry $1.85 trillion in 2020. Maintaining relevant, accurate and complete data sets that can be used to inform data-driven decision-making is an important step for construction firms wanting to thrive in the age of information technology.

Securing your data goes hand-in-hand with creating and maintaining it, however. According to Surkay Baykara, senior information security consultant with PCI DSS, “[data] security is the maintenance of all essential documents stored, filed, backed up, processed, delivered and eventually discarded when they are no longer needed.” In the 2021 Cyberthreat Defense Report, roughly 86% of the 1,200 companies surveyed had data compromised by at least one successful cyberattack in 2021, the largest annual increase in successful attacks since 2015.

In addition to the increase in cybercrime, non-malicious data breaches are also becoming more common as a large percentage of the workforce has shifted to remote work. These types of breaches are often due to human error, such as accidently sending the data to the wrong recipient, either via email or mail; displaying incorrect data within an individual’s online portal; or simply sending files to multiple recipients whose information is visible to one another.

Training your team on their responsibilities and keeping communications and other systems up to date can help to reduce these types of incidents.

Stages of data security

Capture: This is the process stage that describes the “onboarding” of information in the data management system. This can include scanning hard-copy documents, filing emails or creating and saving documents directly from an application. Along with capturing data, sending the data to an appropriate storage location (“routing”) is equally important.

Store: Data storage can be applied to both hard-copy documents or electronic systems. The storage type, location and access security required for each type of data is an important consideration for companies as they implement these types of processes.

Data Management: This stage of the process is concerned with managing the permissions, user roles, versioning control and audit trails of the data. An important part of maintaining a secure data environment is limiting access to those individuals who would need to gain direct access to the information and maintaining records of every activity or transaction applied to a piece of data (who did what, when). This allows companies to prove activities related to maintaining security to stored data, especially when a data breach occurs.

Preserve: Data retention is a key aspect of validating and ensuring a secure data environment. However, as resources—digital or physical space for storage, for instance—are limited, maintenance is required to remove invalid or outdated data. Some information is required by law to be kept for a certain number of years. Once data no longer needs to be stored, setting up policies to securely dispose of it is critical.

Access and Sharing: This is also known as the “delivery” stage and focuses on how data can be shared securely with other users or business partners. This is often accomplished using shared folders or drives, but without proper management, this can lead to unauthorized access and data breaches. Accessing data via mobile devices—such as tablets or phones—also causes more complexity in securing data access.

Integration: Exchanging information with other business applications allows for a comprehensive overview of systems or data to create logical, data-driven decision-making capabilities for individuals. For this to be truly successful, all the preceding stages are critical to providing consistent and accurate data.

Types of data security

Finally, how can companies and individuals begin to securely validate the data they create? Below is an infographic describing six common types of data security practices. Following that is a series of infographics comparing the three main ways we in the construction industry typically validate data for transfer. Understanding the tools available to your company can better help inform decisions when it comes to data security and validation.

Cybersecurity in Construction

Cybersecurity 101: here’s what contractors need to know.