As construction companies digitise more of their operations and take advantage of the many benefits this brings, cybersecurity becomes an increasingly effective support. Guy Dulberger, vice president of information security at Ritchie Bros., explains why the topic is so important and outlines some of the steps businesses can take to ensure their online operations stay effective.
Digital transformation has traditionally been slower in construction than other sectors but lockdown measures imposed to curb the threat of Covid-19 have brought about a dramatic shift in the way equipment is bought and sold. In the first six months of 2020, more than 300,000 pieces of equipment were sold on Ritchie Bros.’ online channels to buyers in 140 countries – and with buyers and sellers becoming accustomed to the convenience and broader opportunities offered by online equipment auctions, this trend is likely to continue.
As construction companies move operations online, they also need to step up their cybersecurity. Having decentralised IT systems with teams located in many different places makes construction companies more vulnerable to cyber-attacks and recovery of information more complex. The Wall Street Journal reported that, for this reason, construction companies are among the most likely to pay ransoms to restore access to their computer systems. Similarly, TechHQ reported that construction companies are particularly prone to phishing attacks, where criminals seek to fraudulently obtain passwords or other confidential information. Impersonation attempts to extract either money or information are also on the rise.
With hundreds of thousands of transactions via our e-commerce platforms and tens of millions of visits to Ritchie Bros.’ website made each year, we take cybersecurity very seriously. Our cybersecurity operations centre works closely with our data privacy team and every other part of the business to ensure that happens. As technology evolves, so do the threats and the measures we can take to mitigate them, so we make a point of staying up to date with all the latest trends.
How to protect your construction business
We have a long-established cybersecurity department that has been embedded into our company over many years to keep our operations and our customers’ data as safe as possible. There are several procedures our customers can implement to reduce risk to their own organisations. The first step every company should take is to develop an anti-fraud and data protection strategy with policies and governance for handling detection, protection, and response, and appoint at least one team member to stay on top of emerging threats and the company strategy.
There are various legal regulations when it comes to the protection of personal data. Since the EU introduced the General Data Protection Regulation (GDPR) in 2018, all companies operating in Europe must by law report any data breaches and those who do not face large fines. The designated team member could be someone in house, an external consultant, or a combination of resources, depending on company size and preference.
At the same time, companies should invest in software from a trusted provider and update it regularly as threats evolve. This will ensure they stay protected against malware and ransomware, and detect and prevent common email phishing and impersonation scams. Machine Learning (ML) and Artificial Intelligence (AI) can also help with detection and response efforts. While it may seem painstaking at first, a zero-trust security approach, where no one is trusted from inside or outside the network without verification, will soon become an accepted part of your processes and go a considerable way to helping protect your business.
Another important consideration, particularly with the impact of Covid-19, is team members working from home or from multiple locations. For construction companies, it is normal to have people working from the office, job site or home, meaning the IT network is fragmented. As such, it is essential to educate colleagues on the role they play as individuals in protecting the company from cyberattacks. For example, for the increasing number working from home, they should ensure their wi-fi is secure, trusted antivirus software is installed on their workstation, avoid sharing computers with children or others and remain cautious about the information they share and with whom. Overall, employees can do a lot to mitigate risks and ensure a company’s online operations continue to function at their best efficiency level.
Transitioning to the digital world is opening new opportunities to construction companies and those that take advantage stand to gain the most. It is important, therefore, not to be scared off by the need for cybersecurity or to focus too strongly on the potential risks. Good cybersecurity is like any other aspect of good business practice. It all starts with awareness and putting actions in place so you can safely use the powerful technology that’s available today