Planning for a Crisis: The Importance of a Cyber Security Plan in UK Construction

As technology continues to evolve and surprise, we often find ourselves playing catch-up when it comes to keeping our business data and infrastructure protected.

To ensure your construction company can immediately get to the business of helping its community it’s vital to have a meticulous crisis plan — and the right technology — in place. Hybrid working and unparalleled reliance on computers has left many construction companies vulnerable to cyber attacks.

Phishing scams, hackers, and wire transfer scams have been on the rise since March 2020. In fact, 35% of ransomware and methods used on attacks were previously unseen before 2020. However, it seems that directors are beginning to feel they can let their foot off the gas in recent years.

According to a recent survey by the UK government, there has been a decrease from 82% in 2022 to 71% in 2023 where respondents were asked if they valued cyber security as a priority. When coupling this with the fact that Cybersecurity Ventures predicts that cost of cybercrime will grow to $10.5 trillion by 2025, and it seems companies could be setting themselves up for disastrous consequences. 

If burglaries were on the rise in a business park, the designated security company would increase its presence. However, construction companies have yet to adopt a cyber security mindset. If your data is compromised, so are your business workflows, your customers’ data, and your reputation. We don’t often think about how our operations would be affected should an outage or a phishing attack occur — but we should be.

No business wants to imagine being a victim of a security breach or severe data loss, but preparing for the worst puts your business in the best position moving forward, because you can act quickly and have more control of the outcome.

The hardest part of creating a recovery plan is the first hurdle: deciding what needs to be included. This will vary from business to business, but there are factors that will remain the same for many.

We’ve outlined some of the basic questions you need to ask in order to start forming an effective crisis plan — and surprisingly, it isn’t all related to data.

• Do you have a role acting as a central resource to manage disaster recovery across multiple departments?
• Are your employees and clients regularly given information on best practices for UK cyber security?
• Do you have vital personal information, like employee and customer records, securely backed up to ensure limited business disruption?
• Do you have an outline for how you will tackle sensitive information being stolen, i.e. credit card details, home addresses, system passwords.
• Do you have a separate outline for how you will tackle sensitive business information, i.e. government documents, project documents and blueprints, project login credentials.
• Is there a set period of time in which you have to recover lost data for insurance, project, and contract purposes? What is this?
• Do you have a continually updated inventory of equipment and assets? Is documentation like insurance and contracts, up to date and backed up?
• How would your communication plan to customers and clients look?
• How will you make your employees aware of the cyber security plan and any future changes that are made?

A solid cyber security disaster plan can get quite detailed and it should be consistently reviewed, practised and updated to net the best results in case of an incident.

By using cloud-based, connected construction software contractors shift the responsibility of maintaining servers, ensuring SOC 2 Type II compliance, and data backup and storage. Project and business data backups happen automatically, providing daily protection, with costs often included or rolled into users’ subscription costs. That eliminates expensive capital assets for servers or IT strain and overhead to consistently maintain the hardware. 

New software features and security functionality are also rolled out automatically. By coupling the backups with cyber security protections, cloud vendors use the latest technologies to thwart cybercriminals and provide an extra level of protection not otherwise achieved through in-house backups.

The software partners you choose play an integral role in cyber security. Trimble Viewpoint UK is certified in the following:

• ISO 27001
• SOC I and SOC 2 Type II
• Cyber Essentials Plus
• Amazon Web Services (AWS)
• Microsoft Azure
• MoD CyDR (DART) Accreditation