Let’s start with why does a construction company need to secure their company’s online bid process. First off, your data is the “blood” that flows throughout your entire company and many outsiders want it. Some want your data as a competitive advantage because knowing who your subs are on a project or their pricing can allow someone to outbid you since price is always a driving factor for construction proposals. Besides competitors in your industry, hackers want to add viruses, malware, and ransomware to your network, which they can charge you money to remove. At a minimum, a cyber-attack will slow down or potentially completely stop your employees from working.
You don’t want the difference between a win or a loss be from a competitor that undercut you by a thousand dollars because your confidential data got released or have a virus prevent you from accessing your data with a 4 pm bid deadline looming. (See 3 Types of Disasters that Can Destroy Your Business.)
9 Best Practices to Secure Your Construction Company’s Online Bid Process
Specific to Online Bid Process
- Stop Using Dropbox – Although being user-friendly, Dropbox doesn’t work well on an enterprise-level because it is based on an individual account holder, and if an employee leaves, many times their data disappears. Also, Dropbox doesn’t have the security you need for large commercial applications.
- Use Bid Management Software – We don’t suggest doing file transfers manually on your website or through FTP on a file server. Construction bid software has come a long way in the past 10-15 years and companies have started using the web for bids. We highly recommend using a construction bid software like SmartBidNet, Sage, Bluebeam, or Viewpoint. (Literally, there are dozens of different construction management applications to cover every specific need including company size, price point, market sector, geography, and capabilities.)
- Provide Subs & Vendors Individual Logins – Individual logins provide the most secure access because you can limit users to specific projects and block them as needed. Using a single password for everyone to download documents makes your confidential data easy to obtain and can breach your confidentiality with the client.
- Use Expiration Dates – Access to files should expire at a certain time, such as 15 or 30 days. Like having individual logins, this is an easy, free option to tighten up your file security.
Some construction bid software programs will integrate directly with CRMs (Customer Relationship Management) and construction management software seamlessly to prevent duplicate entry and potential data loss. Also, A/E/C industry-specific CRM programs like Cosential are adding more bid management functionality to their offerings. We’ve seen a consolidation of applications across every vertical, which drives down prices and makes companies more efficient.
Even when using a hosted, cloud solution for your online bid process, you need to secure your company’s network infrastructure to ensure that you’re protecting your data.
- Secure Firewall Access – Prevent bad traffic from hitting your network. Consider renting your firewalls (known as Firewall-as-a-Service or FaaS) instead of purchasing a firewall device. Many rental programs provide two firewalls for high availability [think immediate redundancy]. When renting a firewall, if your firewall goes is down, the second device provides immediate redundancy which keeps your company up-and-running instead of waiting for an IT professional to drive out to your location to swap out devices.
- Update Anti-Virus Regularly – Make sure your anti-virus and patches are up-to-date to seal out the majority of threats. When companies get lax with anti-virus, they become more susceptible to problems caused by viruses.
- Web Filtering – Limit your employees’ access to inappropriate and potentially harmful websites, such as adult content. You can even limit their access on mobile devices, as well as prevent them from streaming movies that use up data plans quickly.
- Email Filtering – Your biggest vulnerability to a network is user error. Many times a virus enters a network due to an employee unwittingly opening a bad email attachment. Email filters scan attachments and links, then removes any threats before they even hit your inbox. Removing it completely prevents anyone from opening the attachment accidentally.
- Email Encryption – Encrypt confidential emails (credit card numbers, account numbers, social security numbers, private data) and you can auto encrypt emails that use a specific buzzword like a project name, client name, or the phrase “bid price”.
A good IT firm can help you to secure your network to ensure your team can operate without any impediments. Allowing them to work efficiently and ensure your bids stay confidential. After all, technology should make your company leaner, allowing you to make a larger profit on each project.