Fashioning a strong cybersecurity effort isn’t easy. It requires an incredibly disciplined and complex security posture where responsibility and accountability are shared not just up and down an organisation’s hierarchy but across to the technology providers a company decides to work with.
At Bluebeam, we advocate for a shared responsibility model when it comes to construction cybersecurity. This means that several stakeholders must be involved to make cyber defences as protective and effective as possible. Together, their collective protection measures offer the most secure defences against the evolving threat of cybercriminals.
The following construction industry stakeholders have important roles to play to enact a collective cybersecurity response:
Contractors: First and foremost, construction organisations themselves must take cybersecurity seriously. There are several ways to do this, but most critical is taking steps to ensure that their identity information and stored data systems are protected and secure. It’s also essential that construction firms take a leading role in vetting the extent to which all their outside business partners and vendors are protected from cyberthreats.
Finally, construction firms have the responsibility to ensure that their employees are all educated in the individual measures they’re required to take to keep their own data secure. Knowing how to write effective and secure passwords, using virtual private networks (VPNs) and secure Wi-Fi networks for sensitive projects and engaging with multi-factor authentication protocols, for instance, are all imperative for a company’s employees.
Third-party cybersecurity providers: Every firm that aims to bolster its data security needs is likely to partner with an outside cybersecurity provider for help with services such as password storage, authentication or login security. It’s paramount that these external cybersecurity providers have their own defences in place.
Technology providers/partners: Any time a construction organisation acquires or engages in a licence or subscription to a new piece of technology, it’s essential that these technology providers have also taken the appropriate measures to ensure that their products are equipped to safeguard their customers’ data. Every technology provider must have its own application security, network and server security and internal corporate security.
Cloud computing providers/partners: With the proliferation of cloud computing and storage, every business nowadays engages with a third-party cloud provider such as Amazon Web Services (AWS), Microsoft Azure, IBM Cloud or Google, among others. These companies build large physical data centres all over the world, allowing their customers access to reliable and cheap data storage and exchange services without having to house expensive on-premise servers of their own.
Not only do individual construction organisations engage with these cloud computer providers, but so do their technology application partners and cybersecurity vendors. It’s therefore pivotal that, in addition to a company’s own cyber-threat defences and those of its technology and data security providers, these enterprise cloud providers have their cybersecurity in order, too.
They primarily can do this by focusing on the physical security of their millions of square metres of data centre facilities, and making sure that their underlying servers and networks are following the evolving set of government regulations focused on data security.
With these measures in place, construction firms now have the foundation to defend against the rising threat of cybercrime plaguing the industry.