What AEC Firms Need to Know About Remote Work Data Security
With many employees suddenly working remote in light of COVID-19, an IT expert explains how firms can ensure their data remains secure
As much of the world has had to shift to a work-from-home model in light of the COVID-19 pandemic, companies across industries, construction included, have been forced to grapple with issues of cybersecurity and data protection.
This has put companies in the position of having to find balance between security and accessibility, so it’s as easy as possible for teams to effectively communicate and maintain high productivity while working in this new environment.
“Striking a good balance between security and access has always been a challenge for construction firms,” said Brian Chancey, CEO of The Scarlett Group, an IT firm in Jacksonville, Florida.
Working from home has compounded this challenge in several ways.
“First, employees are using home computers, networks and WiFi to access corporate applications and files,” Chancey said. “This broadens the potential attack surface by opening many more attack vectors, as home security weaknesses become enterprise network weaknesses.”
“Secondly, the requirement for collaboration, including video and screen sharing, has increased dramatically,” Chancey said, “causing a rush to platforms like Zoom and other similar platforms not connected to enterprise security in any way.”
“Third,” Chancey concluded, “global cyber-attacks have risen dramatically since the COVID-19 pandemic began. There are many opinions about this, but to our team it seems obvious that millions of new home workers, coupled with a community of hackers with more time on their hands, is a dangerous combination.”
These developments have caused many in the industry anxiety about the vulnerabilities of their critical data.
Transitioning to a digital workforce
While most companies have had to deal with this new reality, the construction industry has its own unique set of challenges.
“This is one industry where field work is a major component,” said Ali Touran, a professor at Northeastern University’s Department of Civil and Environmental Engineering. “While many in construction management rarely went into the field even before the crisis, work from home has meant that managers are even more explicitly removed from on-site work.”
Still, Touran said that work-from-home policies can have some surprising advantages. “Some engineers have found their productivity has increased because of the time saved commuting to the office,” Touran said. “In general, construction management firms have historically paid close attention to issues of cybersecurity. While some very large firms may use proprietary software, the rest use commercially available budgeting-and-scheduling software.”
Most companies already have access to the tools they need to successfully transition to a secure remote workforce, according to Chancey. The key strategies that can help manage the increased security risk of working from home include using Microsoft, an active directory connected file sync-and-share system, as well as a managed security provider, Chancey said. Implementing companywide training and awareness programs will also be required.
“There are many security-related features and components that come embedded in the Office 365 platform,” Chancey said. “There are a few that are included in the platform for free that are underutilized in the construction space.”
Among the most critical are two-factor authentication systems; the Azure Active Directory and security technologies, such as user self-service password resets that can help reduce IT workload; data loss prevention that can automatically prevent accidental sharing of sensitive information; and E-Discovery that can help organizations protect themselves by providing a single place for security officers or administrators to put a security hold on information or search and retrieve information.
Beyond taking advantage of the security features of Microsoft Office, Chancey suggests that organizations implement file sync-and-share systems. “Providing access to and managing versions of files is fundamental in the construction space,” Chancey said. “The concept of ‘any device, anywhere, anytime’ has never been more relevant than now after work-from-home mandates have been issued.”
FSS platforms allow this access in a safe way and include technologies that protect against ransomware and other computer-virus-related threats by including automated backup, retention policy and the ability to “revert” to previous versions in the aftermath of an attack.
Lastly, Chancey said that using managed security providers can add critical support to organizations working to increase data security. “Managed security firms generally have better tools, dedicated staff and mature operating models that can be leveraged inexpensively to solve the challenges of data security and make short work of securing work-from-home endpoints,” he said.
Whatever solutions companies adopt, Chancey said that it’s critical that firms implement a training-and-awareness program to inform workers of the critical nature of data protection, and that they describe these programs as the front line of security defense.
“No matter what technologies IT and security professionals implement, end users can easily and unknowingly invite harm in,” Chancey said. “A good training-and-awareness program is the most effective way to reduce this risk.”