First published in the January 2021 issue of Quarry Management
As construction companies digitize more of their operations and take advantage of the many benefits this brings, cybersecurity becomes an increasingly effective support. Guy Dulberger, vice-president of information security at auctioneers Ritchie Bros., explains why the topic is so important and outlines some of the steps businesses can take to ensure their online operations stay effective
Digital transformation has traditionally been slower in construction than other sectors but lockdown measures imposed to curb the threat of COVID-19 have brought about a dramatic shift in the way equipment is bought and sold. In the first six months of 2020, more than 300,000 pieces of equipment were sold on Ritchie Bros.’ online channels to buyers in 140 countries – and with buyers and sellers becoming accustomed to the convenience and broader opportunities offered by online equipment auctions, this trend is likely to continue.
As construction companies move operations online, they also need to step up their cybersecurity. Having decentralized IT systems with teams located in many different places makes construction companies more vulnerable to cyber-attacks and recovery of information more complex. The Wall Street Journal reported that, for this reason, construction companies are among the most likely to pay ransoms to restore access to their computer systems. Similarly, TechHQ reported that construction companies, including quarrying and mining firms, are particularly prone to phishing attacks, where criminals seek to fraudulently obtain passwords or other confidential information. Impersonation attempts to extract either money or information are also on the rise.
With hundreds of thousands of transactions via our e-commerce platforms and tens of millions of visits to Ritchie Bros.’ website made each year, we take cybersecurity very seriously at Ritchie Bros. We also gather large amounts of data that we make available to customers via insight tools, such as our Market Trends module or Ritchie Bros. Asset Solutions service, so it is vital we keep it safe. Our Cybersecurity Operations Centre works closely with our data privacy team and every other part of the business to ensure that happens. As technology evolves, so do the threats and the measures we can take to mitigate them, so we make a point of staying up to date with all the latest trends.
How to protect your business
We have a long-established cybersecurity department at Ritchie Bros. that has been embedded into our company over many years to keep our operations and our customers’ data as safe as possible. There are several procedures our customers can implement to reduce risk to their own organizations. The first step every company should take is to develop an anti-fraud and data-protection strategy with policies and governance for handling detection, protection and response, and appoint at least one team member to stay on top of emerging threats and the company strategy.
There are various legal regulations when it comes to the protection of personal data. Since the EU introduced the General Data Protection Regulation (GDPR) in 2018, all companies operating in Europe must by law report any data breaches and those who do not face large fines. The designated team member could be someone in house, an external consultant, or a combination of resources, depending on company size and preference.
At the same time, companies should invest in software from a trusted provider and update it regularly as threats evolve. This will ensure they stay protected against malware and ransomware, and detect and prevent common email phishing and impersonation scams. Machine learning (ML) and artificial intelligence (AI) can also help with detection and response efforts. While it may seem painstaking at first, a zero-trust security approach, where no one is trusted from inside or outside the network without verification, will soon become an accepted part of your processes and go a considerable way to helping protect your business.
Another important consideration, particularly with the impact of COVID-19, is team members working from home or from multiple locations. For construction companies, it is normal to have people working from the office, job site or home, meaning the IT network is fragmented. As such, it is essential to educate colleagues on the role they play as individuals in protecting the company from cyberattacks. For example, for the increasing number working from home, they should ensure their Wi-Fi is secure, trusted antivirus software is installed on their workstation, avoid sharing computers with children or others, and remain cautious about the information they share and with whom. Overall, employees can do a lot to mitigate risks and ensure a company’s online operations continue to function at their best efficiency level.
Transitioning to the digital world is opening new opportunities to construction companies and those that take advantage stand to gain the most. It is important, therefore, not to be scared off by the need for cybersecurity or to focus too strongly on the potential risks. Good cybersecurity is like any other aspect of good business practice. It all starts with awareness and putting actions in place so you can safely use the powerful technology that is available today.
- Subscribe to Quarry Management, the monthly journal for the mineral products industry, to read articles before they appear on Agg-Net.com