GOT A QUESTION

ASK A TECHNOLOGY EXPERT

Seeking ways to be more productive? Curious how technology can impact your jobsite? Caterpillar application, equipment and technology experts are available to answer your questions.

ASK YOUR QUESTION

CAT

CYBERSECURITY IN THE CONSTRUCTION INDUSTRY: 10 QUESTIONS

Connectivity is delivering big benefits to the construction industry—higher productivity, lower costs, a safer work environment. But as companies like yours grow more dependent on internet-connected technologies, data security becomes more critical than ever. It’s unusual to hear about a data breach in the construction world, yet the risks are there and need to be managed. Although this topic is best addressed with IT professionals, here are a few questions to get you thinking.

Cybersecurity-for-your-business

CyberSecurity-for-your-business

Be prepared
The benefits of connectivity are real. Companies everywhere are bringing internet-connected technologies to the job site to save time, cut costs, increase operator productivity and create safer work environments. But as you invest in a more efficient and profitable business, don’t overlook the importance of data security. Make it priority now.

CYBERSECURITY IN THE CONSTRUCTION INDUSTRY: 10 QUESTIONS
Connectivity is delivering big benefits to the construction industry—higher productivity, lower costs, a safer work environment. But as companies like yours grow more dependent on internet-connected technologies, data security becomes more critical than ever. It’s unusual to hear about a data breach in the construction world, yet the risks are there and need to be managed. Although this topic is best addressed with IT professionals, here are a few questions to get you thinking.

    1. Am I really a target?
      Any business connected to the internet is at risk for a cyberattack. And it’s not just large companies. A report from Verizon says small businesses represent 85 percent of the targets of opportunity for data breaches.1
    2. Hackers—coming after me? You’re kidding, right?
      Cyber criminals are everywhere, but studies say the most common cause of a data breach isn’t hacking. It’s lost or stolen portable devices such as phones, laptops, tablets and flash drives.2
    3. Which systems are vulnerable?
      All of them. Unauthorized users could exploit any of your data, whether it comes from a Building Information Modeling (BIM) system, telematics solution, project management software, CRM tool, or corporate financial or HR system. Your clients’ data—as well as your subcontractors’—may also be at risk if you share network access.
    4. What kinds of data are most valuable?
      Some intruders want site plans, drawings, contract terms or bid information. Others could be after fleet data, customer records, financial statements or banking info. Identity thieves would love to get their hands on personal information about your employees—full names, social security numbers, bank account data, medical history. And some folks just want money. Using what’s called a ransom-ware virus, they capture your data and hold it hostage—effectively locking you out of your systems until a ransom is paid.
    5. What will a data breach cost me?
      The average cost of a data breach is $4 million, according to a 2016 report from the Ponemon Institute, an independent research firm that studies information security. The average cost per lost or stolen record is $158.3
    6. What’s included in those costs?
      The costs associated with a data breach vary according to the situation, but you can expect to spend money on things like:

        • Internal investigation of the breach
        • IT experts hired to find and fix the issue
        • Other professional services (legal counsel, crisis communications, hotline support, free credit monitoring)
        • Communications to employees, clients and othersOther costs could include:

      Other costs could include:

      • Downtime, lost production and other work disruptions
      • Loss of future business due to erosion of trust
      • Investments in new solutions to prevent future breaches
      • Regulatory fines or penalties
      • Litigation
    7. Won’t my insurance cover it?
      That depends. Many general commercial liability policies don’t cover cybercrime, so you may need extra protection. However, all cyber policies are not created equal, so your best bet is to work with a trusted provider who can tailor coverage to meet your needs.
    8. Who’s accountable for maintaining data security?
      Everyone in your company has accountability. It starts at the top with leaders who are willing to invest time and resources in developing a security strategy, administrative policies and written workplace procedures. All others in the organization need to be educated about your policies and trained to use specific processes that support your data security goals. Data security should be part of the ongoing conversation between employees and their supervisors and a component of the annual performance review process.
    9. What specific steps can we take to secure our data?
      Start with the fundamentals.

        • Inventory the data. Know exactly what you have, where you store it and who has access to it.
        • Store data centrally—either on secure servers or in the cloud—but not on individual hard drives.
        • Invest in an enterprise-grade firewall and make sure security patch updates get done regularly.Use centrally managed anti-malware on all company devices, even personal devices that can access company networks.
        • Make sure all personal devices used to access company networks are equipped with data encryption, passwords or PIN locks.
        • Insist on rigorous password protection. Use a mix of numbers, letters and symbols. Change passwords every 90 days. Include lock-out provisions that freeze accounts after a certain number of incorrect log-in attempts.

      Make sure all data is backed up on a regular schedule.

    10. How do I choose an IT security partner?
      Start with your professional network. Ask friends and associates for referrals and recommendations. Look for someone with proven experience in the construction business. Inquire about advanced qualifications and certifications. Interview more than one candidate. Speak with references and read reviews on the internet. Before making your final choice, clarify expectations regarding time, scope, cost, personnel requirements, communication, training and other factors that are important to you. 

Be prepared
The benefits of connectivity are real. Companies everywhere are bringing internet-connected technologies to the job site to save time, cut costs, increase operator productivity and create safer work environments. But as you invest in a more efficient and profitable business, don’t overlook the importance of data security. Make it priority now.

1 http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdf
2 http://www.psfinc.com/articles/construction-cyber-liability-part2/
3 http://www.zdnet.com/article/data-breach-average-costs-hit-4-million-mark/