Few would dispute the fact that the architecture, engineering, and construction (AEC) industry today is using some of the most innovative pieces of technology available to deliver projects. The emergence of a wide array of digital design technologies is revolutionizing the industry and setting a new normal for project speed, quality, and cost.

Firms are investing heavily in technology, infrastructure, and training needed to properly leverage these new tools and businesses are becoming increasingly dependent on the availability of systems and data. However, in this day and age, gearing up with new cyber-systems is not, in and of itself, sufficient to safeguard a firm’s plan for continued success, growth, and profitability. The threat of cyber-crime is becoming all too real and all too prevalent, even in an industry as seemingly benign as AEC.

Cyber-security threats are increasing in our industry and threatening firms’ abilities to sustain productive workflows, profitability, or worse. The threats can come in many forms, from hacktivist penetrations to fraudulent wire transfer email scams, to ransomware and even Advanced Persistent Threat* attackers.

While much can be done to strengthen your systems to guard against these threats, no amount of hardening can absolutely prevent a break-in. The following must be addressed to secure your digital assets:

• network configuration errors
• poor user judgment
• insecure software
• top level critical security controls

Cyber security is not to be approached from a position of fear; it should be regarded as a proactive, strategic business practice. Now (and every day) is the time to evaluate your security controls and ability to recover your systems from a security breach.

*An advanced persistent threat (APT) is a network attack in which an unauthorized entity gains access to a network and stays there undetected for a long period of time. In general, the intention of an APT attack is to steal data rather than to cause damage to the network or organization.