New cyber guidelines to safeguard construction sector

The National Cyber Security Centre (NCSC) and the Chartered Institute of Building (CIOB) have launched new sector-specific cyber security guidance pitched at small and medium-sized businesses operating in the construction industry.

The Cyber security for construction businesses guide has not been compiled in response to any specific threat, but rather is a reflection of the fact that construction businesses present tempting targets for malicious actors because of the sensitive data they hold and the high-value payments they handle.

The tailored, practical advice reflects the building trade’s growing reliance on digitally enabled working, covering tools such as 3D modelling packages, GPS equipment and business management software. It also offers practical, stage-by-stage cyber advice for the construction process, from design to project handover, and sets out some of the more universal cyber threats that building firms face just as often as businesses in any other industry.

“As construction firms adopt more digital ways of working, it is vital to put protective measures in place to stay safe online – in the same way that you’d wear a hard hat on site,” said Sarah Lyons, the NCSC’s deputy director for economy and society engagement.

“That’s why we’ve launched the new Cyber security for construction businesses guide to advise small and medium-sized businesses on how to keep their projects, data and devices secure. By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber attack and build strong foundations for their overall resilience.”

Caroline Gumble, CIOB chief executive, added: “The consequences of poor cyber security should not be underestimated. They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing. As such, managing data and digital communication channels is more important than ever.

“This guide provides a timely opportunity to focus on the risks presented by cyber crime, something that has been highlighted by the CIOB for some time. We’re now delighted to partner with the National Cyber Security Centre and the Centre for the Protection of National Infrastructure to produce another invaluable resource.”

The guidance package has been split into two parts, with the first aimed at helping owners and managers in construction understand why they need to pay attention to cyber security and why it matters, and the second aimed at providing more practical advice for staff with responsibility for IT equipment within construction companies and on building sites.

Its advice outlines seven steps for construction firms to boost their cyber resilience, and covers topics such as password hygiene, the importance of backing up devices, how to spot and avoid phishing attacks, working alongside partners on addressing potential supply chain security issues, and preparing for, and responding to, security incidents.