IT strategies can project your vital digital assets.
By Sumir Karayi
When most construction firms plan for jobsite security, it involves physical precautions: security fencing, locking gang boxes or even a posted guard or surveillance cameras. But what about digital security? The need to protect digital assets is more critical than ever. Our recent survey, “Getting Your House in Order” found that more than 80 percent of construction companies report having suffered at least one serious data breach in the last two years.
While most often the cybercriminal’s motivation is more mayhem than theft — such as ransomware and other attacks that cripple vital systems — the impact is no less severe. Cyberattacks of any kind can shut down an entire company for days or weeks, bring project progress to a halt and cause serious financial damage — not only from liquidated damages but also lost productivity and business.
As many firms work toward a digital transformation, introducing more and more technology to improve efficiency, reduce manual work and make data and documents more accessible on the jobsite, cybersecurity is becoming an even greater concern. Complicating matters, the remote nature of construction work, with so many laptops and tablets out in the field, makes it extremely difficult for construction IT teams to provide reasonable, practical security with conventional tools.
In fact, construction IT teams report having visibility and control over just 52 percent of their endpoint devices — the fewest of any industry — which means almost half are operating outside of IT’s scope. And, with 85 percent of construction IT teams struggling to secure remote devices, it’s easy to see how the problem can spiral out of control.
Not to mention, the greatest cybersecurity risks are no longer the kind of viruses and server hacks that traditional perimeter security can handle. Instead, cybercriminals have figured out the easiest route is to exploit endpoint vulnerabilities, attacking through unsecured, unpatched software and operating system flaws on individual users’ machines — flaws which data shows are likely present on an extremely large number of devices.
As digital transformation in the industry progresses quickly, construction firms must take swift action to secure their devices, or else they will risk falling victim to one of the hundreds of endpoint attacks that occur each year. Here are a few strategies that can provide the digital security construction firms need to protect themselves and their clients.
Move to Windows 10 and Prepare for Ongoing Servicing
With just a few months left on Windows 7 support, the pressure is on to upgrade. But construction firms lag far behind every other industry when it comes to upgrading to the latest, greatest OS, with just 66 percent of devices updated. Much of this stems from the fact that remote machines rarely come into the office for maintenance, so physically gaining access to complete the migration is a challenge.
But, thanks to Windows 10’s built in security features and regular patching protocols, this is one of the most effective steps any firm can take toward locking down digital assets and puts you a giant leap ahead of the game. Automated Windows migration solutions can help IT deploy Windows 10 to any machine, on premise or remote, by queuing up the update and deploying it automatically at a specified desired time — overnight or over a weekend. This means the upgrade can be made without IT even having to lay hands on the device, and it won’t interfere with job productivity.
It doesn’t stop there. After making the move to Windows 10, organizations need to know they will have to repeat the same effort on a regular basis to remain current and updated under Windows Servicing. By having a forward-looking update plan, that addresses and prepares for these updates, companies can protect themselves from future attacks.
Get a Handle on Endpoints
Construction IT teams have visibility and control over fewer endpoints than their colleagues in any other industry, partly due to the remote nature of the work. This lack of control means IT has no clue about endpoint status — what version of the OS, drivers or other software are installed or whether vulnerability patching is up to date. In most cases, end-users are free to install whatever software they choose, dramatically increasing the risk of an endpoint attack.
Implementing an endpoint device management solution can solve this problem, giving IT the visibility to see system status and query specific devices, as well as apply patching to keep endpoints up to date and working properly. With this approach, IT can also ensure that end-users don’t accidentally put the entire organization at risk with a single piece of rogue software — they’ll need the blessing of IT in order to install anything new.
On the other side of the coin, this kind of visibility and control enables field users to get help for IT issues faster and more efficiently. Since IT can query any device’s status, there’s no need to wait for end users to call in with system specs — IT can begin remotely troubleshooting and fixing the machine without requiring the user to bring the machine in for support.
Make Patching a Top Priority
It seems like such a simple thing — Microsoft routinely issues patches for OS and software vulnerabilities that are uncovered, and all that companies need to do is apply those patches to each machine. Yet, the average time to apply endpoint software patches is 102 days, and among companies that have suffered attacks, nearly 60 percent admit the culprit was a known vulnerability — one they knew about, but had not yet patched.
Construction companies clearly recognize the risk of patching failure, with more than 70 percent calling for greater investment in endpoint patching. But, the nature of distributed devices, many with irregular or unreliable connectivity, makes the process extremely challenging. Limited time and bandwidth for end users prompts many to ignore or disregard patching so that it doesn’t get in the way of job productivity.
By implementing an automated endpoint management solution, IT can take control of the patching process, optimizing patch deployment based on network bandwidth, end user usage patterns and device configuration. That means even devices that are powered on for just minutes a day and never make it into the office can get the maintenance they need to keep the entire company secure.
Jobsite (Cyber)security is a Team Effort
Construction firms know that completing any project requires a team effort between savvy engineers, efficient project managers and skilled tradespeople. But the same also is true when it comes to maintaining cybersecurity in the increasingly digital construction industry.
By getting IT security and operations teams on board, sharing the same tools and working toward the same goals, construction firms can work confidently, securely and efficiently, knowing their devices are protected wherever they go.
CEO Sumir Karayi founded 1E, an endpoint management company, in 1997 with the goal to drive down the cost of IT for organizations of all sizes. Under Sumir’s leadership, 1E has become a successful global organization with offices in New York, Ireland, Australia and Delhi. 1E is also a trusted partner, with 26 million licenses deployed across more than 1,700 organizations in 42 countries worldwide. For more information, visit https://www.1e.com/.