BIM to ensuring the security credentials of suppliers as part of this . This should include auditing their cyber-security framework before and throughout a project as well as verifying they have proper cyber-liability insurance in case the worst happens .
3 . Keep your IT equipment up-to-date . IT equipment ( including computers , laptops , tablets and mobile phones ) needs maintaining and servicing to ensure it works effectively and securely . This includes updating the software the equipment runs on and making sure all other installed software is always kept up to date with the latest versions . Although it sounds simplistic , failure to conduct these types of updates ( a process known as patching ) is a leading cause of breaches .
4 . Monitor and analyse anomalies and attack patterns . Log everything – every transaction , every privileged login to the fintech platform , every failed password attempt . In most cases , this can be critical to not just detecting and addressing a breach before it escalates into something bigger , but pre-empting similar points of entry or system constraints . This should also cover subcontractors ’ activities or negligence .
Obviously , this can entail a lot of data for busy construction and engineering firms to deal with so it can be useful to use a machine-learning tools to monitor events and correlate these logs – but appoint someone responsible for receiving , reading , and following up on it .
“
“
Day by day , newer threat variants are emerging
5 . Do not get complacent . If these measures are consistently in place , the good news is that the majority of standard cyberattacks are likely to be unsuccessful . However , that is not to say there is room for complacency – should your adversary have bespoke capabilities then they still may be able to find a way into your systems . With this in mind , it ’ s imperative to maintain a good understanding of what constitutes ‘ normal ’ activity on your network ensure a rapid response to even the slightest anomalies . As part of this , conduct pen tests ( a simulated cyberattack ) regularly ; not only do systems become less secure if not maintained properly but attackers become more sophisticated . If you haven ’ t pen tested , or used an external expert to assess your defences , the reality is you won ’ t know what you don ’ t know . ■
Chris Pottrell www . nebulait . co . uk
Chris Pottrell is founder and MD of Nebula , a leading IT firm specialising in providing IT support , cyber security and cloud migration services to a range of SME business sectors throughout the UK . Headquartered in Bristol , with a number of additional facilities across the South West , Nebula is built with an expert leading team and has a nationwide presence .
ccemagazine . com 31