Close
  • About
  • IT Solutions
  • Industries
  • Cybersecurity
  • Resources
  • News
  • Careers
  • Refer Us
  • Payment Portal
  • Home
Get Support
Linkedin
Facebook-square
Twitter

ECS + MyIT Logo
  • About
  • IT Solutions
      Outsourced IT icon

      Outsourced IT

      Hybrid IT icon

      Hybrid/Co-IT

      Phones icon

      VOIP Phones

      Cloud icon

      Cloud & Network Equipment

      Consulting & Strategy

      Audits & Assessments

  • Industries
      heartbeat icon

      Compliance

      Auto dealership icon

      Auto Dealerships

      Professional IT Services hand icon

      Professional Services

      SMBs icon

      Small Businesses

      Government building icon

      Government

      Education icon

      Education

      Construction icon

      Construction

      Non-Profit organization icon

      Non-Profit

  • Cybersecurity
  • Resources
Contact Us
ECS + MyIT Logo
  • About
  • IT Solutions
      Outsourced IT icon

      Outsourced IT

      Hybrid IT icon

      Hybrid/Co-IT

      Phones icon

      VOIP Phones

      Cloud icon

      Cloud & Network Equipment

      Consulting & Strategy

      Audits & Assessments

  • Industries
      heartbeat icon

      Compliance

      Auto dealership icon

      Auto Dealerships

      Professional IT Services hand icon

      Professional Services

      SMBs icon

      Small Businesses

      Government building icon

      Government

      Education icon

      Education

      Construction icon

      Construction

      Non-Profit organization icon

      Non-Profit

  • Cybersecurity
  • Resources
Contact Us
Industry-Specific Technologies

9 Ways A/E/C Firms Can Fortify Their Data, While Still Making It Accessible

By Guest Post 

A/E/C (Architecture/Engineering/Construction) firms often have a difficult task protecting their data across their teams, and keeping prying eyes from being able to access it. Because the industry has so many companies collaborating and working on a single project from joint ventures, vendors, and subcontractors, accessibility is a must; yet confidential and proprietary data need to be protected. Here are 9 suggestions on how can you protect your data while still being able to securely share it.

  1. Restricted File Access – One of your first lines of defense is actually in the design of your file and folder security structure on your company file server. You want to make sure people in your firm can only access the files and folders that they need access to. Most companies set these permissions up by departments (e.g. accounting, marketing, engineering) for easy employee onboarding and offboarding.  This design process is known as File Access Management, and there are services and software available to help make this easier and more efficient, especially for large build industry companies.
  2. Encrypted File Sharing – Now, a lot of the A/E/C firms share files with clients, subcontractors, and even vendors. They often use file-sharing applications like Dropbox, MS OneDrive, Anchor, etc. to share files outside of their organization. We suggest that when you do share these files across the public internet that you always send them securely, and make sure the share has an expiration date that determines how long someone can have access to the file or folder.
  3. Consistent Updates – Another key aspect of securing your data is being proactive and doing things such as keeping your operating systems & common applications up-to-date. This means that you should make sure you are consistently applying the latest security patches and critical updates that vendors release. These patches and updates will fix weaknesses and exploits that cyber attackers take advantage of to try and get access to your data.
  4. Robust Filtering – You can further fortify your network from outside attacks with web filtering and spam filtering tools. The spam filtering tools today are so robust that they can test and validate that attachments are not malicious before they hit your inbox. These email tools also give you the ability to send an email securely (by encrypting them) from Outlook and can even automatically send an email securely if it detects a credit card number, social security number, or even a confidential code word. Now add in the use of web filtering and you will further ensure your employees do not access inappropriate or potentially harmful websites that can infect your network.
  5. Cyberattack Protection – Also, A/E/C firms can be a sizable target for cyber attackers because of the volume of money passed through the company, number of employee records, and confidential information stored on servers. Ransomware can be especially disastrous for A/E/C firms because they usually attack large amounts of your data files by encrypting them, and then holding the encryption key hostage (if you want to unencrypt your files, you’ll have to pay the ransom!!!). Unfortunately, as fast as the security vendors come up with ways to stop and prevent the newest Ransomware attacks from happening, the malicious Ransomware creators find new ways to succeed just as fast.
    So what do you do when a Ransomware attack happens to your company? It is best practice to isolate the affected machine(s) from the network ASAP! Then restore data from the latest backup instead of paying the ransom. What to do if you don’t have good backups? I guess you’ll have to pay the ransom to get your data back, which can run thousands of dollars, and even then pray that the key they give you works! The lesson here is to follow best practices for backing up your data and making sure you have good backups by having them validated on a regular schedule.
  1. Proactive Hardware Management – It may surprise you that the majority of data loss is not caused by cyberattacks or even natural disasters, but around 78% of data losses are from a hardware or system malfunction (Source: Kroll Ontrack Data Recovery). This means the most likely reason you will lose any data is when a server, workstation, or other key piece of hardware that holds your data crashes. To mitigate this risk of data loss, we suggest a proactive approach to replacing hardware before it likely fails, known as Hardware Lifecycle Management. We especially recommend following industry best practices for this with Servers, PCs, Laptops, and core network equipment. A good IT firm will work with you to build and follow a Hardware Lifecycle Management policy for your company.
  2. Employee Termination Processes – As soon as an employee quits or is released, make sure to have all of his accounts disabled. Don’t forget to disable their VPN (Virtual Private Network) access on their workstations and mobile devices. You should also be able to wipe the company data on an employee’s smartphone in case it is lost or stolen.
  3. Lock Mobile Devices – One of the most effective ways to secure mobile devices is requiring a passcode to access the phone or tablet. This 3-second step does not impair productivity and ensures your data is protected if the device is in the wrong hands, even if their intent is not malicious. Requiring a passcode at login is much more effective than only asking for a username and password for specific applications.
  4. Ongoing Training – Finally, proper training of your employees goes a long way. Train them to know what your company policies are for protecting your data, and what they need to do to follow them. Take time to teach them things like what email attachments they should NOT open, never to share their passwords with anyone, and what to do when they make a mistake and break policy. Good training and open communications will help you prevent or immediately stop problems from happening throughout your business.

If you have any additional or specific questions about securing your A/E/C firm’s data while not impairing your employee’s productivity, contact me.


Architecture/Engineering/Construction IT

Related Articles


Industry-Specific Technologies
7 Tips to Easily Find Any Project File on Your Server in Seconds
Industry-Specific Technologies
How A/E/C Firms Use 3D Printing
Industry-Specific Technologies
Bots on the Construction Jobsite

Leave A Reply Cancel reply

Your email address will not be published. Required fields are marked *

*

*

3 Places to Backup Your Company's Data
Previous Article
Pros & Cons of Using a Dealer Management Software (DMS)
Next Article
  • Categories

    • Blog
    • Business & Technology
    • Cloud Technology
    • Cybersecurity
    • DR & Data Protection
    • Industry-Specific Technologies
    • IT Compliance
    • News and Events


Explore

About Us
IT Solutions
Industries
Get Help
Contact

Disclaimer

Privacy Policy
Terms of Use
Master Client Agreement

Locations

New Orleans
6620 Riverside Drive, Suite 200
Metairie, LA 70003
504-888-6948

Shreveport
347 W. Bert Kouns Industrial Loop
Shreveport, LA 71106
318-219-3427

ECS + MyIT Logo
Linkedin
Facebook-square
Twitter
© 2020 My IT. All Rights Reserved.
  • About
  • IT Solutions
    ▼
    • Outsourced IT
    • Hybrid/Co-IT
    • VOIP Phones
    • Cloud & Network Equipment
  • Industries
    ▼
    • Compliance
    • Auto Dealerships
    • Professional Services
    • Small Businesses
    • Government
    • Education
    • Construction
    • Non-Profit
  • Cybersecurity
  • Resources
  • Contact Us
  • Get Support
  • News
  • Careers
  • Payment Portal