Cyber Security Advice for Construction Businesses

Our head of security, Steve Witty, gives his take on the National Cyber Security Centre's new guide for construction businesses…

The National Cyber Security Centre (NCSC) recently released a guide aimed at all types of businesses within construction, with the aim of increasing cyber security across the sector. This is a timely must-read for the industry, considering the increased concerns around cyber-attacks in the current climate.

A commitment to cyber security

Across construction, from the smallest to the largest companies, we all rely day in, day out, on IT and digital systems. The NCSC’s new guide provides easy to digest and understandable steps everyone can take to protect themselves from increasing threats. Security is much akin to safety, which we all embrace on our sites, and putting protective measures in to defend against cyber-attacks is much the same as wearing a hard hat.

At Willmott Dixon, we hold both ISO27001 and Cyber Essentials Plus certifications, which underline our commitment to cyber security. For smaller businesses, ISO27001 might not be necessary or practical, but Cyber Essentials is a good baseline for any company, regardless of the size. For larger companies that manage their own IT, in my opinion, Cyber Essentials Plus should be the aim.

A practical guide

You don’t need to be hugely technical to understand the NCSC’s guide, and it offers practical steps to help ensure you are building your business on a secure foundation. It is split into two parts, the first aimed at helping business owners and managers understand why cyber security matters, and the second aimed at advising staff responsible for IT equipment and services within construction companies on actions to take.

Simple acts such as better passwords, two factor authentication and patching can make a huge tangible difference.

The advice outlines seven steps for boosting resilience, covering topics including creating strong passwords; backing up devices; how to avoid phishing attacks; collaborating with partners and suppliers; and preparing for and responding to incidents.

Being hacked, or simply having usernames and passwords compromised can have a huge impact on your business, and ultimately your profits, so I would urge anyone who uses a computer, tablet or even mobile phone to conduct their business, to read this guide. The guide is aimed at small and medium sized businesses within construction, but if you’re a larger company, ask your IT department to confirm they are following the guidance.

You can view the new Cyber Security for Construction Businesses guide by clicking the link. The NCSC also has a lot of other useful guides and resources you can use for free to help bolster your security, such as online Cyber Security Awareness Training and lots of other Guides and Advice.