top of page

Free Cyber Tools for Construction Firms

Are there any free cyber tools that my construction firm can use?

Fifty percent of the construction companies on mainland UK are in the East and Southeast of England. Construction is big business in The East and is a vital part of the regional and national economy. House building and infrastructure lead the way across our region, and it is a sector that is set to grow significantly over the next 3-5 years. And with critical national infrastructure projects like the Lower Thames Crossing and Sizewell C yet to start it is an exciting time to be part of this booming sector.

Image of builders on a building site
Builders on construction site

But more reliance on technology and general poor standard of cyber hygiene means that they are also a sector that are likely to attract the attention of cyber criminals. And yet, according to the Department for Culture, Media and Sport’s Cyber Security Breaches Survey 2022, construction didn’t fare as well as other sectors when it comes to how much importance it attaches to cyber security. For example, only 20% of construction firms are likely to have a board member taking responsibility for cyber security. The survey also identifies the construction industry as one of the sectors least likely to have cyber security rules in place, or to have looked to actively identify cyber threats to their business.

Where can I go for help?

Here at the Eastern Cyber Resilience Centre – a Home Office funded and police-led organization - we pride ourselves on providing free guidance and signposting for businesses across all sectors. Consequently we have a range of free guidance packages and tools that building and construction firms can access from the outset.

Carpentry tools on wall rack
Carpentry tools

ECRC Sub-contractors guide 2022 - a simple cyber guide to the key principles of cyber security and what you need to do now, free of charge to protect your business, customers and suppliers.

NCSC Cyber Action Plan - Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication and get a free personalised list of actions that will help you improve your cyber security. This is a great place to start your resilience journey and quickly identify areas that need improvement.

Incident Response Plan - To help you minimize the impact of a cyber-attack we have created a Cyber Incident Response Plan for you to use. Create a plan and then use Exercise in a box to test its effectiveness.

NCSC Exercise in a Box - An online tool which helps organisations test and practice their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it. It includes two exercises, a technical simulation, and a table-top exercise. You just need to register for an account. If you are not confident of running this aloe, your local cyber protect officer can help you for free (no strings attached). Contact us for more details.

NCSC Board Toolkit - Boards are pivotal in improving the cyber security of their organisations. The Board Toolkit has been designed to help board members get to grips with cyber security and know what questions they should be asking their technical experts.

NCSC Cyber Security Training for Staff - Your staff are your first line of defence against a cyber-attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices, and reporting incidents.

Police CyberAlarm - help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.

What Next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and money as well as permanent loss of reputation. But all is not lost. Whatever you decide to do, doing nothing is no longer an option. Here at the ECRC we are already working closely with over 1200 organisations across the East of England – Small and Medium Businesses, schools and third sector organisations - them tackle the continually changing cyber threats that they face.

So come and join our community as free members and let us help you protect your organisation and your customers from the ever presents threats out there in the cyberverse. You’ll receive a monthly newsletter as well as our “Little Steps” emails giving easy to understand bite-sized guidance about how to protect your business. You can also access our affordable student services and Cyber Partners along with regularly updated cyber threat assessments.

Logo of Eastern Cyber Resilience Centre

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page