<img height="1" width="1" src="https://www.facebook.com/tr?id=373327176680496&amp;ev=PageView&amp;noscript=1">
BidCoach Logo
BidCoach: How Construction Companies Can Combat Cybersecurity Threats Blog Feature

By: Mark Fly on January 8th, 2021

Print/Save as PDF

BidCoach: How Construction Companies Can Combat Cybersecurity Threats

BidCoach Construction Tips



As the construction industry continues to increase the use of electronic data, cloud technologies, and hosted services, companies should be constantly seeking new ways to combat cybercrime. Whether it’s reading an email on a personal laptop, accessing a mobile app on a jobsite tablet, or using company software in the office, every employee accessing data through the cloud is at risk to a malicious cyber-attack. Construction is also a lucrative, high-cash-flow business, which makes the industry more appealing to criminals.

There are many types of cyberattacks, however the most common is phishing expeditions. A phishing attack usually comes in the form of an email in which the attacker is disguised as reliable, for example the company’s CEO or another employee. Once you’ve received and interacted with this email (clicking a link), the hacker gets access to the company’s system, exposing sensitive information like client or employee information, financial data and more.

Unfortunately, as it turns out, contractors aren’t heavily focused on cyber security. They tend to have their minds set on completing their construction projects within budget and schedule.


So, how can construction companies combat cybersecurity attacks? The key is to formulate a plan to combat the threats well before an attack even takes place. Check out the steps and actions highlighted below to ensure your company is protected.

  1. Be cautious, and vigilant.
  2. Educate employees about IT rules regarding personal use of connected company devices. Education is effective at reducing the chances of a cyber-attack.
  3. Continuously update company and employee passwords. Passwords should be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters, and lowercase letters. The password should be free of repetition, dictionary words, usernames, and personal information. Using an encrypted password vault that is approved by your company IT can be crucial.
  4. At a minimum, utilize the latest updated firewall and antivirus software.
  5. Install a privileged account security solution on every employee’s device. This way an attack will be confined to a single device.
  6. Set different levels of permission so that, for example, a jobsite worker can’t access accounting files.
  7. Encrypt data, so that if obtained by an attacker they will not be able to use it.
  8. Implement a clear policy about acceptable employee use, like prohibition on visiting junk sites.

Check out these related articles on this subject:
Data Breaches, Cybersecurity, and the Construction Industry
The #1 Reason Your Construction Company May Be Hacked This Year
Construction: The Next Target for Cyber Criminals
What You Can Do to Improve Your Company's Cybersecurity
Greg Duyka: Keeping Your Mobile Data Safe

Subscribe below to receive more tips and tricks like these from the free, biweekly BidCoach newsletter.

Subscribe to the BidCoach Blog

About Mark Fly

Mark Fly is a Product Evangelist at ConstructConnect. He is also known as the Bid Coach to subscribers of his popular video series. Mark has 40 years of experience in construction, rising through the ranks from a labor position in high school to play a key role in the development of SmartBid software. He has also provided multi-faceted outsourced estimating services for many years, working directly with owners, GCs, subcontractors, suppliers, and more.