In the construction industry – there are a lot of moving pieces. Literally. From traveling executives to sales staff, project managers and superintendents moving from job site to job site, it’s no wonder that construction companies are behind the curve with regard to technology. Intermingling BYOD and company-issued devices with employees who are contractors or constantly on the road traveling and it has the potential to be an IT security nightmare. Across the nation and the globe, construction employees are looking for better ways to connect with the office and along the way they’re opening up massive security holes. Here are a few common ways that construction employees are compromising IT security and what you can do you protect your organization.
- Using unauthorized apps to manage projects or job tasks.
BYOD is something that many construction companies have embraced, more out of necessity than anything. You have employees on the road that you need to communicate with – and you can do that most efficiently through their device. But how should you mitigate the risk associated with this? We address some of those concerns in our blog about mobile security and project management, but the reality is that you need to have a BYOD policy and clearly delineate which apps are approved and which aren’t and protect all devices with an access code. While this may not be as big of an issue on iOS devices, CNBC recently reported on hackers hijacking the app download process and installing malware, which could access all that device data.
- Visiting unauthorized sites on company devices.
We’ve discussed the importance of internet security policies before, but too often in the construction industry, laptops and tablets are treated as personal use items and employees use the devices to access sites that could contain malware. Even the most diligent employee can quickly be fooled by a phishing attempt and be tricked into entering their e-mail access information or other secure data, opening up the entire organization to potential threats.
- Storing business data on personal cloud services.
Before the cloud became popular employees took physical copies or work home or copied work onto a USB flash drive (or even a 3.5” disk) – this allowed them to work on the data and bring it back, but also left the business exposed incase the employee lost that disk, drive or paperwork. The same exposure and risk applies today, as employees copy business files to their personal cloud storage account – like Dropbox or Google Drive, but if their password isn’t secure or their anti-virus isn’t updated on their home computer, they could easily compromise their login information and your data would be at risk as a result. It’s very important that your employees keep their passwords secure and that you implement a policy for how employees handle your data.
- Leaving business hardware unsecured on the job site.
Project managers are natural multitaskers. They are continually managing contractors, employees and materials as they come onto the jobsite and as a result, often have to walk away from their laptop or mobile device. It’s important that your employees understand the importance of logging out and securing their devices when they leave them or bringing the devices with them as they move around the jobsite. Something as simple as an open spreadsheet or complex as proprietary plans and material sourcing is something that you want to keep away from the eyes of subcontractors or other employees.
- Sharing sensitive plans or information with contractors.
On that note, you want to make it abundantly clear that any proprietary information shouldn’t be given out to third parties. Subcontractors should only have access to the information required to do their job. Despite stringent guidelines, some employees make the honest mistake of disclosing more than they should to the contractors that they work with. It’s important that your employees understand exactly what the repercussions can be for themselves and your business. The more they understand, the more likely they are to uphold your policies and keep your data safe.
Your employees are skilled in their jobs, but too often individuals are very trusting and leave their personal or work devices as an open target. Employee training, clear cut policies and guidelines and education on IT security are of the utmost importance. Arm your employees with the tools they need to help you maintain security and you’ll feel comfortable providing them with devices that will help them to do their job more easily.