top of page

Does your construction company have a website? And is it secure from cyber criminals?

A common misconception is that because the industry's focus is on physical work with bricks and mortar that their digital footprint is going to be fairly small.

So why is the construction sector now the most likely industry to face a ransomware attack?
Photo of model construction workers breaking into a pisture of some eggs on a smart phone

Regionally the whole sector has seen a significant shift in reliance to technology over the last decade. There have also been seismic shifts in relation to project delivery and how organizations operate. From office operations to activities on-site, technologies such as cloud storage, email and smartphones are commonplace.


Additionally, most construction companies now have a corporate website that is their digital gateway to the world. Construction sites (apologies) are usually fairly basic, and less likely to have an e-commerce section than other sectors. But a lack of understanding of cyber security can mean that they are often vulnerable to attack.


Because the industry doesn't regularly deal with personal data many companies wrongly believe that they are not a target for cyber criminals. But unfortunately, this is not the case. The industry presents a wide range of attractive opportunities for cyber criminals, and they generally hold a lot of valuable information that hackers would love to get their hands on.


A data breach could mean losing customers, destruction of reputation, legal liability for lost data and even financial ruin. Most companies cannot afford to take that chance. Given all of that, it is concerning that a recent Rival Security study reports that 84% of construction companies lack adequate IT security.

Is your website part of that 84%?

What is an FSWA and how can it help your business?

The First Step Web Assessment (FSWA) is a service that conducts a light touch assessment of your website’s security setup.


The set £250.00 fee is set to reflect that, with a £50.00 discount for charities and microbusinesses.


We will usually look to turn this service round in a few weeks and all we need is your website address (URL) to get going.


Our team use both passive and active reconnaissance techniques to assess your website, looking at how a cybercriminal would identify a vulnerable site. Passive reconnaissance seeks to gain information about your site without actively engaging with it, identifying outdated components and software that has been used to build it. The service then undertakes active reconnaissance through the use of automated scans to identify vulnerabilities not found through the initial tests.


You will then receive a short non-technical report (2-3 pages) to show any risks found on the site.

The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to help bolster your security further.


If you would like to know more, why not book a chat with us today?



What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation and customers. But all is not lost.


Here at the centre, we would recommend that you consider

  1. Join our community today as one of our growing number of free core members. You will be supported through implementing the changes you need to make to protect your organisation.

  2. Take a look at the First Step Web Assessment service and find out what you need to do next to make your business a no-go zone for cyber criminals.



Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need. Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page