4 Ways to Protect Construction Site Networks and Data

Most construction executives expect to be hit by a cybercrime, but 68% of companies have no security measures in place.

NordVPN teams
NordVPN Teams can be used on multiple devices.

The good news: construction companies are joining the digital revolution by using increasingly advanced technologies on the jobsite. The result is increased efficiency, safety and profitability. 

The bad news: connecting devices and machines to the IoT exposes that equipment and its shared data to cyber crime. The rate of cyber crime on construction sites is going up, according to a New York University study titled "Cyber security challenges and vulnerability assessment in the construction industry." Thieves are looking to steal proprietary information, gain access to unauthorized files and tamper with existing records, the study says. 

NordVPN, a virtual private network service provider, recently published tips for maintaining cybersecurity in the construction industry:

According to the Cost of Data Breach Report 2020 by IBM, the average cost of a data breach in the industrial sector was $4.99 million. GlobalData, a data research company, predicts that the industrial sector’s value will soar to $12.9 trillion by 2022. After rising consistently by 3.6% since 2018, it has now caught the eye of cybercriminals. Over half of all construction executives believe their firms will be hit in the future, yet worryingly, 68% of firms have no security measures in place.

    “The more contributors to the project, the higher the risk of cyberattack. Only one compromised device is needed to hijack the systems of others. Before providing a third-party with access to your corporate network, make sure robust cybersecurity measures are in place. A standard VPN connection is a good option”, says Juta Gurinaviciute, chief technology officer, NordVPN Teams.     .

    Cyber Attacks on the Rise

    IBM’s X-Force Threat Intelligence Index 2021 has observed a 49% annual increase in industrial control system (ICS) attacks.

    Other cybercriminals may aim for digital assets transferred or stored insecurely. Workers are increasingly dependent on digital tools in everyday operations. Innovative building firms employ Building Information Modeling (BIM) as a central database for blueprints, designs, and other assets. BIM is also used for collaboration with stakeholders from different building-related areas. Using devices and construction tools that are connected, workers can update BIM in real-time, improving communication and efficiency. The amount of end-point devices, however, mean the risk of exposing sensitive information is extremely high. 

    “The construction industry is heavily interconnected. Several building sites need to exchange data with headquarters and routinely access cloud services. Most workers use laptops and other end-point devices, with architects, engineers, and sub-contractors contributing online. The building industry isn’t manual labor anymore — it’s a sophisticated and digitally-managed trade, using high-end innovations and tools”, Gurinaviciute says.

    Data breaches primarily affect company processes, resulting in prolonged downtime and operational disruption. Verizon recently found that only 5% of data breaches are caused internally, whereas external factors cause 95%. Security teams should implement segmented network solutions such as virtual private networks (VPN) to strengthen their corporate IT infrastructure.

    How to protect corporate network and data

    • Secure mobile workforce. Remote-working is relatively commonplace for builders shifting between different construction sites. If workers need assets from the cloud or a corporate network, make sure they’re accessing them via an encrypted and secure VPN connection. 
    • Establish a protected network. Building projects rely on teams constantly communicating with each other. All manner of different assets pass through networks that are often unprotected. A business VPN puts all workers and building sites within a secure software-defined perimeter and safely protected from outside threats. It should also be established whenever construction ceases. Connecting smart sensors to a VPN will hide the network and protect it against cyberattacks. 
    • Check your third-party stakeholders. Building developments involve contractors, sub-contractors, architects, consultants, and clients — all parties communicating regularly. A standard VPN connection is a good option for these situations.
    • Ensure general cybersecurity. Some business VPNs provide custom gateways for different teams and branches. It enables access to cloud resources or company servers but directs traffic from other building sites separately. Contractors are also responsible for installing and setting up smart control systems on their network. It’s their responsibility to maintain security, regularly update default passwords, and lead by example for the rest of the industry.