Blogs
Information security for the construction sector
Key perspectives from our expert
We asked Dr. Ralf Hundhammer for his thoughts on a series of information security questions. Ralf has more than 20 years of experience in the subject and provides valuable insights.
Looking for comprehensive insights into information security and keeping you, your customers and your stakeholders safe from malicious attacks? Download our Information Security e-book today and stay informed!
Q: If you were a business new to information security, where would you start when it comes to safeguarding your data and implementing an information security strategy?
A: Creating a security strategy sounds daunting, but like every process, it can be broken down into smaller parts that combine to work together. Firstly, it is important to take a step back and get to know your data. Understand why you have it, and why you need it. Is it necessary to have this data? Can you encrypt it? These are some questions to think about. Understanding what data your company handles will help you and your security team evaluate the associated risk and protect it in the appropriate way.
Speaking of your security team, ongoing training is crucial to keep them up to date. New threats emerge regularly, and your team need to be aware of those. Invest the energy into developing your security team, because a data breach is far more costly. This also goes for your wider workforce- the whole company should be able to assess a potential threat, whether that’s through regularly simulated phishing attacks or periodic password changing. Think about your physical space too, for instance, at Thinkproject we operate on a clear desk policy and paperless offices, meaning there is less information lying around.
Once these are in place, the rest should come naturally. Create clear information security policies, practice strong authentication methods and make sure everything is kept updated. Prepare your incident response plan, get audited and build on your strong foundation of knowledge to get those accreditations that tell the customer you’re a security-conscious business.
Q: Cyberattacks continue to become more sophisticated. What do you think the biggest risk is, and how should the AECO industry tackle it?
A: One of the biggest concerns is the potential compromise of critical infrastructure and sensitive project data. With the widespread use of integrated systems, cloud platforms, and Internet of Things (IoT) devices, the reach of an attack has expanded massively. By combining strong technical defence with an educated workforce, organisations can effectively mitigate cyber risks and safeguard its critical assets.
Just as technology continues to evolve, unfortunately so does the sophistication of attacks. Your ISMS needs to be reviewed regularly and be flexible enough to accommodate changes as the attacks continue to advance. It’s a balancing act between being ready to adapt, and sticking to a clear roadmap that your whole organisation can understand.
Organisations should prioritise collaboration and information sharing between businesses, as well as partnering with cyber security experts so that the industry can be as informed as possible. When we are all working together the risks can be mitigated, particularly with any ‘lessons learned’ that are valuable for other businesses to be aware of.
Q: What best practice does Thinkproject have in place to protect the customers it works with?
A: Since our founding we have taken information security very seriously. As a German-owned and Europe-based business we are extremely well versed in information security! Our Compliance Team go to great efforts to ensure our entire workforce completes regular training on GDPR, ISMS and our contingency plans.
We pride ourselves on our robust measures to ensure the safety of data for our customers, employees and business. Our handy chart shows the measures we have in place, and how these are regularly assessed and updated.
Download our e-book today
Visit our Trust Centre
Find out how Thinkproject is committed to keeping your data secure through our Trust Centre.
Want to know more?
Webinar
