Always a priority of any IT platform, security and data privacy is just as important in the construction industry as they are in banking. While financial information may not be as in-depth, our industry works on billion-dollar projects, with large amounts of money and account numbers changing hands on any given day.
As the construction industry shifts to a more technology-based approach with mobile, software, and multiple hosted applications, security and data privacy has become a critical component of every part of the construction process.
It’s no secret that the right construction software sets you and your business up for success, having a direct effect on the management of estimates, bids, timelines, payroll, and more. Integration of these solutions is critical, along with a common security vision and model. By using non-integrated software solutions, you can experience additional security risks posed by having a multitude of solutions, supplied by different software companies, each with their own security model and vision. By using an integrated solution, you will be leveraging a common view of security and, in most cases, 1-2 common technology platforms, which can reduce your attack surface and thus measurably reduce risk of attack from cyber criminals.
Organizations that have not invested in hardened, integrated digital solutions are putting their companies and the many clients they service at risk. Sensitive documents, account numbers, customer information, and anything else that needs to be protected is at greater risk, potentially giving “hackers” an all-access pass. A strong, secure back-end technology is essential to keeping your hard-earned business safe.
Earlier this year, Viewpoint unveiled its cloud software solution, Viewpoint Enterprise Cloud, a cloud-based ERP that allows access anywhere at any time. With the ability to have complete visibility of your business from any device, you can stay in control of projects, budgets, timelines, and more.
Creating and implementing an effective security strategy and program is difficult and expensive, creating difficulty, especially for companies that don’t already have an IT team in place. Even with a full time IT organization, the unique skills of cyber warfare and security experts are often difficult and costly to keep on staff full time. Combined with this is the difficulty and cost to set up appropriate process and technological security controls, such as full audit trails, IDS/IPS, SIEM, SecDLC, etc. When you put it all together, unless organizations are willing to invest many hundreds of thousands of dollars in an information security program, those organizations will be more vulnerable than cloud providers for whom security is not an afterthought, but rather a way of doing business day in and day out. With Viewpoint Enterprise Cloud, you no longer need to invest considerable time and funding into securing your ERP and related systems: our security experts, appropriate controls, and hardened data centers will do that for you. Besides partnering with one of the top tier providers of cloud services in the world, our security controls and audit processes are significant and include annual “red team” penetration testing by independent, third party, defense cyber warfare experts; testing that has resulted in no major issues ever reported.
Another security concern relates to the proliferation of BYOD and the wide range of devices that are used to access corporate data. In many cases, these devices are not locked down with appropriate device management solutions and controls, putting companies at greater risk of compromise to attacks such as phishing scams. Phishing scams have become one of the most common types of cyber attacks methods, making up 90 percent of construction security breaches. A phishing attack usually involves an email, or a prompt for a user to click a link that in turn gives an attacker access to the user’s system and/or login and password information.
To stave off attacks, each user should have a specialized set of security solutions installed on every device used to access corporate data, including a Mobile Device Management (MDM) solution, and anti-malware solutions for platforms such as Android, Windows, Linux, and Mac OS X. It only takes once for a cybercriminal to gain access to an entire enterprise. In addition, encryption is key to ensure data that is stored on mobile devices and traditional systems is protected and resistant to compromise if the computing device is ever stolen. Determining permission and access levels for each part of a project and segment of a business only allows those who need access to have it – following the principle of “least-privilege”. Your users should only have access to those areas that they need to perform their job duties, and nothing more. As such, understanding what your employees’ roles are and what they need to do is critical.
Viewpoint’s application architecture employs a sophisticated authentication system to guarantee only authorized users can access the system and perform set actions. All actions that take place within Viewpoint construction software are traceable and able to be audited. Data is never stored on public-facing web servers, but within a private single-tenant environment. This provides another layer to a solid defense in depth strategy.
Beyond the software
Beyond cyberattacks, data security also lies in educating employees. Make it clear what type of information is permitted to be shared and what is not. Communicate company policies on secure data sharing, create non-disclosure agreements, and enforce protocol.
Regularly upgrading to the latest versions of your construction management software ensures that no out-of-date platforms are creating vulnerabilities. In addition, any plug-in or app that employees use should be vetted to ensure data is not being shared unwittingly.
Viewpoint’s investment in a secure infrastructure eliminates weak spots and points of failure to give our customers and their clients peace of mind. For more information on how integrated software can help your business, reach out directly or get in touch via Facebook or LinkedIn.