Construction

Construction companies are fast becoming a favoured target among cybercriminals.

Construction firms are currently dealing with a huge array of new risks – both on and offsite. A threat can expose all of a company’s digital assets, including business plans and acquisition strategies; proprietary construction plans and designs; customer, contractor, and supplier lists and pricing; personally identifiable information (PII) of employees and contractors; protected health information of staff as well as facilities security information. Threats can also severely interrupt the manufacturing and building process, hit profit margins, and cause reputational damage.

Some Key Areas To Review

Inadequate Defences

  • Construction companies often have inadequate firewalls or defences against cyber-attacks.
  • Consumer-grade antivirus software is often used but is generally insufficient to thwart determined attackers.

Subcontractors and Vendors

  • Construction companies can be heavily reliant on subcontractors and vendors.
  • If subcontractors and vendors have unrestricted access to your systems or applications, it can pose a serious security threat.

Vulnerability Management

  • Companies use multiple digital systems, complex software and communication devices across multiple job sites.
  • Devices and applications must be continuously patched and updated with the latest security fixes.

Legacy Devices

  • Use of certain devices or applications that may no longer be supported in the market.
  • This means the device/application will no longer have applicable updates and security fixes, leaving it vulnerable to attacks.

Remote Work

  • Employees take their devices home or on the road at various sites, conferences and remote areas.
  • Unsecured public wifi, different cellular providers or having other people access their devices can pose a security threat.

Ransomware and Phishing

  • Attackers can access and lock down important data, demanding large sums of money to release it without guarantee.
  • It might not lead to a loss of information, but it can cause enormous amounts of lost productivity and business delays.
  • Malicious emails designed to look genuine can only take one unsuspecting employee to click on a link or attachment.

Did you know...

According to one study, construction companies were the third most common industry targeted by hackers. In 2020-2021, nearly one out of six construction companies reported a ransomware attack.

Get Same Day Support!

When IT issues strike, you need same day solutions and an IT Helpdesk that will get your team back to work.

Our IT company provides IT solutions for SMEs across Canada. With experts in every field of IT, you never have to wait for contacts at some vendor – we take care of it.

Key NIST/CyberSecure Canada control points:

Mobile Computing

  • Ensure your laptop and personal digital assistant (PDA) are encrypted and password-protected.
  • If a computer or PDA uses wireless connections, ensure all wireless communications are encrypted.
  • Ensure encrypted backups are in place.
  • When using USB flash drives, use only devices that have built-in encryption and require passwords.
  • Implement mobile device management to deploy org-wide configuration and compliance policies.

Password Guidelines

  • Ensure your computer has a user profile lockout policy in place that requires reentering a password to gain access.
  • Have strong password policies in place, including password complexity, password age and use of MFA.
  • Use of password managers in accordance with NIST and Cyber Secure Canada guidelines.

Email Security

  • Use appropriate signatures and standard disclaimers on email messages, faxes and other documents.
  • Report spam/junk emails immediately.
  • Carefully address emails and double-check names in the address lines.
  • Be cautious when communicating sensitive information via email.

General

  • Perform weekly scans to ensure endpoints are up to date and unauthorized software is not installed.
  • Make weekly backups and keep backups securely offsite.
  • Ensure policies are in place preventing access to restricted websites and software.

Staff Empowerment

  • Educate staff and end users about cybersecurity.
  • Require regular security awareness training.

Cyber Insurance

  • Cyber Insurance generally covers your business’s liability for a data breach involving sensitive customer information.
  • Cyber insurance and cybersecurity frameworks have a symbiotic relationship, with one enabling and reinforcing the other.
fixing server

Fusion Computing targeted remediation:

Risk Assessments

Risk must be gauged and prioritized based on factors such as probability of occurrence, impact on the organization, and prioritization.

Risk assessments should be conducted or reviewed regularly and at least once per year.

Security Controls

  • Anti-virus and MDR
  • Secure encrypted backups
  • Data Loss Prevention
  • Encryption at rest and in transit
  • Firewall
  • Incident Response Plan
  • Mobile Device Management
  • Policies and procedures
  • Security Awareness Training
  • Vulnerability Management
  • Multi-Factor Authentication

The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices Fusion uses to strengthen your cybersecurity posture. This simplified cybersecurity approach is proven to help you defend against today’s top threats.

Testimonials

See why top employers and small business leaders say Fusion is the Best IT Company in Toronto

"It is refreshing to work with a technology vendor that is reactive in an expedient manner to our needs as a business. Fusion takes the time to learn what your current and future goals are, offers options to help you achieve them, and make you feel like your business is valued. This partnership has allowed us to reinforce the security of all our operations, protect our customers, and increase our overall efficiency. What a great TEAM!"

Naomi Clarke

Idea Factor

"I have worked closely with Fusion over the past year and I have to say that these guys are great. They manage our Infrastructure, Virtual Machines, Backups, Security, implemented our Cloud Solution with O365 and are our IT Support for staff and desktops. They came highly recommended so I am doing the same for you."

Judie Law

"Fusion Computing has been the best IT Services provider we’ve ever had. Their managed IT services offering covers all 4 of our JP Motors locations bumper to bumper. They take the time to work with us to help us understand our budget and provide solutions from help-desk through to IT Strategy. Highly recommended!"

Ryan Pattinson

JP Motors

Latest Blogs

Learn about critical IT topics from our experts. We cover everything from new cloud based tools, to IT outsourcing and disaster recovery.

  • security audit checklist

    Understanding BGP Hijacking: Threats and Prevention

    Understanding BGP Hijacking: The Threat and How to Prevent ItIn today’s interconnected world, the integrity of internet routing is crucial. However, incidents like BGP

  • Municipal Building

    Cybercrime Escalation: How Municipal Governments Can Combat Rising Threats

    Municipal governments are increasingly under siege from cybercriminals, as highlighted by recent attacks. The Town of Arlington, MA, recently lost $445,000 in a Business

  • mfa example

    Understanding MFA Fatigue Attacks: A Growing Cybersecurity Threat

    Multi-Factor Authentication (MFA) has become a cornerstone of modern digital security, adding an extra layer of protection to user accounts beyond just a password.

security audit checklist

Understanding BGP Hijacking: Threats and Prevention

Understanding BGP Hijacking: The Threat and How to Prevent ItIn today’s interconnected world, the integrity of internet routing is crucial. However, incidents like BGP

Municipal Building

Cybercrime Escalation: How Municipal Governments Can Combat Rising Threats

Municipal governments are increasingly under siege from cybercriminals, as highlighted by recent attacks. The Town of Arlington, MA, recently lost $445,000 in a Business

mfa example

Understanding MFA Fatigue Attacks: A Growing Cybersecurity Threat

Multi-Factor Authentication (MFA) has become a cornerstone of modern digital security, adding an extra layer of protection to user accounts beyond just a password.

Don’t Keep Letting Your IT Get in the Way of Your Growth

Book a FREE, no obligation IT Assessment to get a clear picture of your current IT situation