Blog Kairnial

Kairnial advises on data security in the construction sector

Written by Kairnial Team | 27 July 2022

According to the French National Cybersecurity Agency (ANSSI), the number of cyber attacks increased fourfold in 2020. Today, data is essential for the vast majority of companies. But this digital data is targeted by a good many hackers. So, as you can see, securing company data is no longer optional, especially when you consider the negative impacts of a cyber attack. Moreover, IBM estimates that, in France, the average cost of a data breach for a company is €3.65m. Securing data has become crucial, and this also applies to the construction industry. This is because building & civil engineering works are becoming ever more digitized. Organizations must therefore protect themselves against the potential risks (computer viruses, cyber extortion, computer fraud, etc.).   

What is data security?

The term data security refers to all means used to prevent the theft of a company's data. This includes using suitable systems and adopting procedures and processes that make data inaccessible to hackers. 

Data security concerns individuals and professionals alike. In the latter case, the breaches can be of various types. They may involve external attacks, such as: 

  • des ransomwares ; 
  • common malware ; 
  • du phishing ; 
  • intrusions in software or on a website ; 
  • installations of pirate programs, etc.  

However, attacks can also be internal. This can happen in the case of a handling error by an employee or inadvertent disclosure of sensitive information by staff.  

Digitization is now an integral part of companies, which work on the Cloud, with SaaS applications or online digital platforms. As a result, hackers have several entry points to access the data records. Whilst these tools offer all sorts of advantages in terms of cost and efficiency, they require stringent IT security control to avoid jeopardizing the data of the company and its customers. 

Construction professionals, protect your company against cyber risks  

The building & civil engineering industry is becoming more digitized by the day and data has become essential for construction professionals. Today, we talk about digital modelling (BIM), data storage on platforms and connected devices for example. At the same time, there are still a lot of operators working on building sites. So data loss or attempted intrusion is a risk that must be taken on board on a day-to-day basis.  

Having access to a digitized work environment is an undeniable asset. But it also increases the risk of data degradation. The good news is that there are some cyber hygiene rules that can help protect you from cyber risks and ensure the integrity of your digital environment. 

Establish protection systems    

First of all, it is essential to set up data protection systems. This means that only the professionals concerned can access the information. You thus ensure that only authorized users can enter reliable information in the tools.  

Installing approval workflows is also an effective way to evaluate requests and limit user access to information. Organizing EDM (Electronic Document Management) with a nomenclature specific to the project or the corporate customer is also a solution.  

Implementing a strict procedure regarding access rights to your digital models can be effective. Finally, setting up gateways between tools or limiting them when necessary can also help you protect your data.  

Train employees on cybercrime issues

Employee training is of paramount importance for data security in the construction industry. The most common attempts are often triggered by phishing, web misuse and even incoming phone calls. Training staff in these techniques and explaining to them the procedure to follow should it occur is a particularly effective way to counter data breaches. 

On these occasions, you can remind them that it is important not to use unsecured applications without company IT oversight, such as WhatsApp or SMS. In the same way, using BYOD (Bring Your Own Device) should only be considered if the devices are effectively secured. 

Perform regular operating system updates  

Cyber threats, like hackers, are constantly evolving. You should therefore regularly update your devices and software to ensure that you do not leave any entry points for viruses or other forms of malware. 

Remember that software updates, in addition to updating functionality, are also a way to fix security bugs. Updating all systems is therefore an essential part of a company's security strategy.  

Hire an expert to guide you

Finally, you could consider employing a security expert to assist you in this area of your business. S/he will then be able to advise you in how to avoid cyber threats 

Similarly, using professional software publishers like Kairnial, who have experience in this area, is an excellent solution to take advantage of tailored advice on the entry and exit points of cyber attacks. 

Exit points: what about employees who leave the company?

In the construction sector, staff turnover is significant. Site engineers never stay with the same company for very long and often move from one competitor to another. However, it is your duty to ensure that information never leaves the site 

Often, employees who leave the company still have access to mailing lists, even once they have left. In most cases, this is passive access to information. The organization must therefore regularly monitor user access as well as access to documents 

Many companies provide solutions to control these exit points. In this case, with Kalidoc, you can control user access to your important documents. Kairnial provides you with tools for checking which people are authorized to access the project. If an employee resigns, s/he can be removed from the access lists with one click. One of our main challenges is to ensure that only the stakeholders involved in the project have actual clearance for accessing the Kairnial platform. 

Because the best way to form an opinion about our offer is to hear from those who already use it daily, we suggest you read about the case of data security at Icade. Find out how these professionals appreciated the support and guidance they received from us.