Information security for the built asset industry
Key perspectives from our expert
As data management and data collection move online, there is an increasing threat of security breaches that can devastate businesses.
The construction sector is experiencing an 800% increase in data breaches. Adopting a digitalisation strategy is no longer a ‘nice to have’ for organisations looking towards success for their built asset lifecycle. As the industry continues to evolve, innovative software solutions are advancing and providing crucial support for a range of tasks, from data management to BIM and beyond.
We asked Ralf Hundhammer, Chief Technology Officer at Thinkproject, for his thoughts on a series of information security questions. Ralf has more than 20 years of experience in the subject and provides valuable insights.
Q: If you were a business new to information security, where would you start when it comes to safeguarding your data and implementing an information security strategy?
A: Creating a security strategy sounds daunting, but like every process, it can be broken down into smaller parts that combine to work together. Firstly, it is important to take a step back and get to know your data. Understand why you have it, and why you need it. Is it necessary to have this data? Can you encrypt it? These are some questions to think about. Understanding what data your company handles will help you and your security team evaluate the associated risk and protect it in the appropriate way.
Speaking of your security team, ongoing training is crucial to keep them up to date. New threats emerge regularly, and your team need to be aware of those. Invest the energy into developing your security team, because a data breach is far more costly. This also goes for your wider workforce: the whole company should be able to assess a potential threat, whether that’s through regularly simulated phishing attacks or periodic password changing. Think about your physical space too. For instance, at Thinkproject we operate on a clear desk policy and paperless offices, meaning there is less information lying around.
Once these are in place, the rest should come naturally. Create clear information security policies, practice strong authentication methods and make sure everything is kept updated. Prepare your incident response plan, get audited and build on your strong foundation of knowledge to get those accreditations that tell the customer you’re a security-conscious business.
Q: Cyberattacks continue to become more sophisticated. What do you think the biggest risk is, and how should the industry tackle it?
A: One of the biggest concerns is the potential compromise of critical infrastructure and sensitive project data. With the widespread use of integrated systems, cloud platforms, and Internet of Things (IoT) devices, the reach of an attack has expanded massively. By combining strong technical defence with an educated workforce, organisations can effectively mitigate cyber risks and safeguard their critical assets.
Just as technology continues to evolve, unfortunately so does the sophistication of attacks. Your ISMS needs to be reviewed regularly and be flexible enough to accommodate changes as the attacks continue to advance. It’s a balancing act between being ready to adapt, and sticking to a clear roadmap that your whole organisation can understand.
Organisations should prioritise collaboration and information sharing between businesses, as well as partnering with cyber security experts so that the industry can be as informed as possible. When we are all working together, the risks can be mitigated, particularly with any ‘lessons learned’ that are valuable for other businesses to be aware of.
Q: What best practice does Thinkproject have in place to protect the customers it works with?
A: Since our founding we have taken information security very seriously. As a German-owned and Europe-based business we are extremely well versed in information security! Our Compliance Team go to great efforts to ensure our entire workforce completes regular training on GDPR, ISMS and our contingency plans.