Information security for the built asset industry
Key perspectives from our expert
As data management and data collection moves online, there is an increasing threat of security breaches that can devastate businesses.
The construction sector is experiencing a 800% increase in data breaches. Adopting a digitalisation strategy is no longer a ‘nice to have’ for organisations looking towards success for their built asset lifecycle. As the industry continues to evolve, innovative software solutions are advancing and providing crucial support for a range of tasks, from data management, to BIM and beyond.
We asked Ralf Hundhammer, Chief Technology Officer at Thinkproject, for his thoughts on a series of information security questions. Ralf has more than 20 years of experience in the subject and provides valuable insights.
Q: If you were a business new to information security, where would you start when it comes to safeguarding your data and implementing an information security strategy?
A: Creating a security strategy sounds daunting, but like every process, it can be broken down into smaller parts that combine to work together. Firstly, it is important to take a step back and get to know your data. Understand why you have it, and why you need it. Is it necessary to have this data? Can you encrypt it? These are some questions to think about. Understanding what data your company handles will help you and your security team evaluate the associated risk and protect it in the appropriate way.
Speaking of your security team, ongoing training is crucial to keep them up to date. New threats emerge regularly, and your team need to be aware of those. Invest the energy into developing your security team, because a data breach is far more costly. This also goes for your wider workforce- the whole company should be able to assess a potential threat, whether that’s through regularly simulated phishing attacks or periodic password changing. Think about your physical space too, for instance, at Thinkproject we operate on a clear desk policy and paperless offices, meaning there is less information lying around.
Once these are in place, the rest should come naturally. Create clear information security policies, practice strong authentication methods and make sure everything is kept updated. Prepare your incident response plan, get audited and build on your strong foundation of knowledge to get those accreditations that tell the customer you’re a security-conscious business.
Q: Cyberattacks continue to become more sophisticated. What do you think the biggest risk is, and how should the industry tackle it?
A: One of the biggest concerns is the potential compromise of critical infrastructure and sensitive project data. With the widespread use of integrated systems, cloud platforms, and Internet of Things (IoT) devices, the reach of an attack has expanded massively. By combining strong technical defence with an educated workforce, organisations can effectively mitigate cyber risks and safeguard its critical assets.
Just as technology continues to evolve, unfortunately so does the sophistication of attacks. Your ISMS needs to be reviewed regularly and be flexible enough to accommodate changes as the attacks continue to advance. It’s a balancing act between being ready to adapt, and sticking to a clear roadmap that your whole organisation can understand.
Organisations should prioritise collaboration and information sharing between businesses, as well as partnering with cyber security experts so that the industry can be as informed as possible. When we are all working together the risks can be mitigated, particularly with any ‘lessons learned’ that are valuable for other businesses to be aware of.
Q: What best practice does Thinkproject have in place to protect the customers it works with?
A: Since our founding we have taken information security very seriously. As a German-owned and Europe-based business we are extremely well versed in information security! Our Compliance Team go to great efforts to ensure our entire workforce completes regular training on GDPR, ISMS and our contingency plans.
Don't get caught out with a weak security strategy!
Find out more on how to protect yours and your customers’ data in our whitepaper.
Event
Connected Data Ecosystem
Thinkproject Live London 2024
Register nowMark Your Calendar: Thinkproject Live's Debut Event in London on October 15, 2024!
-
Webinar
Connected Data Ecosystem
Introducing the Thinkproject Built Asset Lifecycle Platform Recording
Watch webinarFind out more about our new Platform strategy and benefit from the new features.
-
Blog
Information Security
C5 attestation: An important piece in any security framework
Read moreAccording to research by Bitkom, it was estimated that Germany alone was to lose 206 billion euros from cyberattacks. Find out why the C5 attestation can help keep you secure.
-
Webinar
Connected Data Ecosystem
Data-driven construction
Watch webinarExplore how analytics reshapes decision-making and strategic planning, and why it’s indispensable in today’s construction environment.
-
Blog
BIM
What is Building Information Modeling
Read moreBIM has proven itself to be more than just a buzzword, we can safely say Building Information Modeling is here to stay. In this blog we will explore the fundamentals of BIM and supply a comprehensive run-through to help those on their journey to becoming BIM experts.
-
Webinar
Virtual platform & innovation roadshow
Watch nowRewatch our first virtual platform & innovation roadshow, which unveils our new centralised platform, showcasing all our solutions within a unified ecosystem.
-
Webinar
Health & Safety
Building safety beyond construction
Watch webinarOur webinar addresses the inadequacies of current information management practices in ensuring long-term building safety and legal compliance, advocating for a comprehensive approach that spans the entire lifecycle of a building.
-
Webinar
Built Assets
Effective asset management of critical assets
Watch webinarKent County Council delves into Kent County Council’s digital transformation journey and how they are using Thinkproject to manage and oversee their critical tunnel assets.
-
Webinar
Information Security
Mastering information security in the construction industry
Watch webinarRobust security measures are imperative in the age of digitalisation. With an information security strategy, companies can protect their valuable data and avoid costly security breaches. We discuss this further in our webinar.