Securing Your Data: Practical Cybersecurity Steps for the Architecture, Engineering and Construction (A/E/C) Industries

Three of the largest and most wide-ranging cyberattacks have occurred over the last few months. Attacks on SolarWinds, Microsoft Exchange and Colonial Pipeline garnered headlines around the world. Understanding of the issues and lessons learned from these massive compromises can be useful in helping A/E/C firms to be mindful of what is needed to protect their data.

As the corporate world is evolving and becoming more accepting of working remotely, every company is facing an increased threat of cybercrimes. The average cost of a data breach continues to rise and was more than $8 million last year. Many of our clients ask us what they can practically do to help protect their organizations. 

Create Cultural Awareness around Cybersecurity

Starting with higher-level management, make sure that employees are following company-established protocols when sending emails or posting on social media, as well as securing personal laptops and handheld devices. Undertake regular risk assessments and tests to make sure that cybersecurity practices are properly disseminated throughout the organization.

Take Reasonable Steps toward Cybersecurity – The Essential Eight

Our Redpoint Cybersecurity experts recommend that companies follow eight essential and proactive steps that establish and define the basic tenets of cyber hygiene. They are:

1. Application control
2. Application patching
3. User application hardening
4. Restriction of administrative privileges
5. Patching operating systems
6. Multi-factor authentication
7. Daily backups
8. Configuration of Microsoft Office® macro settings

Protecting Your Remote Employees

For A/E/C firms, remote workers are a mainstay of their operations. Because these employees are using mobile devices and networks, and with construction companies having so many employees in the field, having proper cyber hygiene while at home or on the road is critical. When working remotely:

• Secure passwords and other data as you would in the office,
• Increase the required complexity of passwords,
• Make sure all devices are up-to-date and running the latest versions of all software,
• Make sure your Wi-Fi network is secure and do not use open/free public Wi-Fi,
• Confirm your Wi-Fi requires a password,
• Use company-issued devices and systems,
• Only use personal devices for personal matters (e.g. personal email or accessing personal social media accounts),
• Secure personal computers and phones and avoid using them for work, and
• Implement anti-virus software on personal devices.

If you’re unsure on how to implement these best practices or proceed with improving your company’s cyber hygiene, our team at Redpoint Cybersecurity is here to guide you. Requirements surrounding the necessary cybersecurity measures and what to do when breached vary state-to-state or country-to-country, so be sure to engage competent legal counsel to help you navigate the demands of various jurisdictions.

For more information and for help securing your firm against cyberattacks, please contact Russell Safirstein or your Anchin Relationship Partner.