top of page

Top Tips for the Construction Industry to increase their Cyber Resilience

The construction sector might not be the first industry which comes to mind in relation to digital threats, however with the low margins the industry operates within, any disruption in operations could have a huge impact.

Image of someone working within construction

And these disruptions could be as simple as receiving a phishing email, which gets reported and takes all of 30 seconds to deal with, but as catastrophic as having ransomware stealing sensitive data and then encrypting it so no one can access any system.

How much money would that cost your business?


Our top tips?

- Get the basics right. Make sure that you have implements the fundamental cyber security controls. If you are not sure what they are have a look at the NCSC’s Small Business Guide. They include:

  • Backing up your data

  • Malware protection

  • Keeping devices safe

  • Password management

  • Avoiding Phishing attacks

- Implement a culture change to emphasis the importance of cyber security from the senior decision makers, through your employees and even your contractors. We have a contractor’s guide which you can share. Make sure that all staff carry out Security Awareness Training, no matter their role. Many of the aspects that will protect your business will also protect your employees in their personal life. You can get free training online at the NCSC, in person through local policing or take advantage of our affordable CyberPATH service.


- Have a risk based approach to your suppliers. Consider using accreditations as a benchmark as to whether other companies have a level of security equivalent to yours. Refer suppliers/customers who needs some help with their cyber security to the ECRC. As a free resource we can help that company improve which helps you reduce your risk of dealing with them.


- Join our free business community. We have a free cyber course which breaks down key concepts into bite-sized chunks with specific actions for you to complete, a members only area where we share threat intel, information on data breaches and latest patches to be released.



ECRC logo

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page