Billions available for cyber compliant construction companies
The most recent U.S. Census Report estimated government construction spending at $343.8 billion. These contracts are a valuable and steady source of income for many construction contractors. With new opportunity, comes new risks. Many organizations are falling behind with their cybersecurity procedures. In order to be eligible for these profitable projects, construction companies must comply with all cybersecurity regulations.
While there are many necessary and mandatory frameworks and policies to implement, we have laid out 5 easy steps you can take to begin complying with federal regulations:
- Security skills assessment and appropriate training to fill gaps - Training and evaluation should evolve at the same speed as technology and risks. Understanding that human error is one of the greatest vulnerabilities to your data is the first step in protecting critical information. Routinely assessing and identifying gaps in security is key to developing and implementing a robust policy and training program.
- Multi-factor authentication (MFA) - MFA implements multiple layers to ensure a secure access point within the environment. This process starts at the login page when the user inputs their password. A good password is something that is not easily guessed, includes multiple special characters, and does not imitate a word. This second step can be a code sent to your smartphone, email, or even a required fingerprint. These measures and systems are easily applied to an existing network and can add an extra layer of security protecting your data and client information. MFA verifies that the individual submitting the password is associated with that account and that the individual is allowed access to the data.
- Controlled use of administrative privileges - Once you have secured your accounts, you need to determine administrative privileges. While some executive employees need access to most applications within a digital environment, most employees do not need administrative privileges. Keeping the universe of administrative privileges small is important. For example, a laptop with administrative privileged stolen from a construction site will compromise your entire environment, cause delays in work, cost time and money. Understanding that limiting access can protect the overall system when there is a security incident is a vital part to safeguarding costs and revenue.
- Antivirus and endpoint protection - Many construction contractors utilize multiple remote and mobile endpoint systems. Some of these systems are left on site while others are secured within a facility. With this many potential avenues of infiltration, it is a best practice to ensure each device has end-point protection. This includes anti-virus software and other programs securing both the system and environment.
- Incident response & management - While many security measures are useful, they are not foolproof. Like the old saying goes “failing to plan, is planning to fail.” With that in mind, it is paramount that your organization develops and implements a proper incident response framework. This includes the steps to take when there is a cybersecurity incident. Generally, government contractors are required to notify the appropriate agency and officers within a 72-hour window of any “Information Security Incident”. An “Information Security Incident” is usually defined as “(i) any actual or suspected incident involving Other Party Information System that may involve Sensitive Information”. With such a short notification window, triggered by even a “suspected incident”, it is essential that you have a standard response plan. Every second counts.
The five measures identified above are a great starting point to securing your data and cyber environment. Projects and agencies have varying and complex regulatory frameworks.
Our national Data Privacy and Cybersecurity Practice Group is familiar with these requirements and is available to assist you through implementation. Our team can also assist with ongoing project management concerns. If you would like to learn more about how to implement these changes and stay ahead of your competition, please reach out to us.