Features - Business

Cyber Security in Construction

Cyber attacks and privacy threats are now a high-profile concern across all sectors, regularly dominating the headlines.

No business is immune to cyber criminals and hackers. The UK construction industry is exposed to cyber threats such as ransomware, phishing, hacking, computer viruses and more. UK Construction Media spoke to Rajesh Patel, B2B Manager UK & Ireland at Buffalo Europe, about the trends construction companies need to be aware of.

The challenge of digitising construction

The industry has always been known to be a hands-on sector: building infrastructure, mining, supply of products and more. Nowadays, most if not all companies store personal data all the time. And not only for marketing purposes – in all industries companies store such data somehow.

Construction firms are continually collecting data and using cloud applications as a way to manage projects, for example holding information on its client base and on current, past and future projects, including addresses and payment details. Though storing data in the cloud can be handy, it can be challenging – especially with concerns over where the security accountability lies.

One of the key challenges the construction industry faces is the constant battle against cyber criminals. There is always a new cyber threat happening and cyber criminals looking for weaknesses and loopholes where they can attack. British construction firms’ security and operations teams are under an enormous pressure in multitasking between managing the company’s infrastructure while detecting and preventing cyber attacks.

Furthermore, criminals and hackers are often attracted to targeting small and medium-sized enterprises (SMEs) due to the data collections such companies hold, which may be more vulnerable. No matter how big or small a business is though, cyber criminals will always be after sensitive and personal data, making the construction sector an obvious target.

Keeping the supply chain secure

Construction firms must recognise they are as much at risk as firms in any other sector as construction contributes enormously to the UK’s gross domestic product (GDP), making the industry a highly valuable target.

This means the construction sector needs to comply with the protection of the data it stores. This data needs to be stored systematically and protected from theft and misuse. Furthermore, British construction firms need to start preparing for the new EU General Data Protection Regulation (GDPR) which comes into force on 25 May 2018, as it applies to the processing of personal data.

The GDPR contains mainly information about how personal data should be processed and defines the roles of processor and controller of data. It also includes information on how to work with data protection by design and data privacy by default.

The British construction sector needs to be able to meet a GDPR data subject’s rights, which are as follows:

  • to be informed about data processing
  • to access their data
  • to rectify or delete their data
  • to take their data to another organisation

Data retention is also an important factor. Some types of data need to be deleted after a certain time period has expired, for example personal data collected in connection with a product purchase and associated warranty.

Additionally, there are other types of data that need to be stored for a minimum amount of time, such as certain financial data. In practice, this means that SMEs need to know where personal data is stored and be able to respond to data requests promptly. Those organisations that do not comply with the GDPR run serious risks in the event of a major systems breach, such as hackers stealing the contents of a customer database. Financial penalties can reach an upper limit of €20 million or 4% of annual turnover, whichever is greater.


If you would like to read more articles like this then please click here.