builder using a tablet and walkie talkie on a construction site

A guide to cyber security safety in real estate and construction

A guide to cyber security safety in real estate and construction

3 Minute Read

Cyber security attacks are on the rise, and the real estate and construction sector is not immune to the threats. Understanding where your business might be vulnerable and shoring up your defenses will ensure you’re safety and that of your information. Whether it’s implementing two-factor authentication or developing a security culture to raise awareness, there are a few easy steps every business can take to prevent falling victim.

Cyber security is often one of the last things that come to mind when thinking about the real estate and construction sector. Trades and technology aren’t two things that typically coincide, but as businesses evolve and optimize their processes, adopting and integrating varying technologies is becoming more and more necessary.

Ever year, one in five small Canadian businesses is the victim of a cyber attack. More than one third of those businesses estimated the cost of the attack at more than $100,000 and 20 percent were unsure what the breach would cost them.

Fear, uncertainty, and doubt are often the tactics used to scare organizations into caring about cybersecurity. And while this can be an effective way to get businesses to act, learning more about what cyber attacks look like and how to safeguard against them allows for a more thoughtful approach.

Why you should care about cyber security

When trying to understand what it is and how it might impact you, it may be easiest to compare cyber security to workplace health and safety protocols.

There have been significant developments in the last 50 years in workplace health and safety that have drastically reduced workplace incidents and made organizations safer as a result. Health and safety protocols are now commonplace because their effect is evident and the culture, mission, and metrics for success within the business are dependent on the safety of their employees.

When an organization approaches health and safety as a core component of their business rather than an afterthought or in response to an incident, work is done more safely, and processes are developed with keeping people safe in mind.

The same applies in the cyber security space. Being proactive and taking the time to understand what aspects of your business might be vulnerable will help establish a roadmap for where to shore up your defenses.

Is your organization cyber safe?

From ransomware to increasingly persuasive phishing schemes, cyber crime is a global issue, and it’s on the rise. With the average cost of a data breach coming in at over $5.4 million for Canadian businesses, you need the peace of mind that your digital assets, finances, and reputation are secure.
Do you understand your cyber security risks? Answer a few quick questions to find out.

How to secure your business from the threat of cyber attacks

Scammers, hackers, and malicious actors aren’t always pursuing things we would assume are valuable like financial information or intellectual property.

Criminals will often take information that’s valuable to the operation of the organization and hold it for ransom – it might not be valuable to anyone else but it’s valuable to you.

Impersonation can be an area of concern, particularly for the construction sector. Back in 2017, Edmonton’s MacEwan University paid nearly $12 million to a criminal impersonating a construction contractor after the university fell victim to a phishing scam.

In that case, the university failed to verify an email request to change banking information. The scam was only discovered after the real contractor, Clark Builders, failed to receive three payments, including one for more than $9 million.

There are a few simple steps that any organization can implement to help boost safety and resiliency of their cyber security.

Here are five fundamental components that every organization should consider implementing to help protect against cyber attacks:

  1. Develop a security culture and raise awareness: A culture where individuals play a part in the protection of the organization’s information is crucial. If employees are encouraged to spot and report security concerns and are rewarded or praised when they do so, they’ll be less likely to sweep something under the rug or pass it off as unimportant. A culture where individuals are punished for accidentally falling victim creates a sense of self-preservation and will result in security concerns going unreported.
  2. Implement multi-factor authentication wherever you can: Multi-factor authentication (also known as 2-step or 2-factor authentication) is a simple process where an individual validates their authentication beyond a username and password when logging into a system or service. It can be as simple as a six-digit code via text message, an authenticator app (like Google or Microsoft authenticator), or a fingerprint scanner. This means if a malicious actor compromises the credentials of an individual in the organization, the MFA is an additional step that prevents them getting access.
  3. Implement a zero-trust strategy to information: Individuals in your organization should only be given access to information on a business need-to-know basis. Consider employing the “trust but verify” approach everywhere, meaning when someone is carrying out a request (like changing account information of a vendor or supplier), a process exists to follow-up and verify the request. It’s important to not assume that any request, even from someone you recognize, it automatically legitimate.
  4. Develop a simple process to identify and report a security concern: For more people, cyber security is a very complicated subject and implementing complex ways to report a concern or expecting individuals to understand all the emerging threats is unrealistic. Instead, implement a simple set of rules and a simple process to spot and report a concern, like a shared email inbox.
  5. Use a password manager to improve the strength of account security: Finally, account security is paramount to maintaining a secure organization and passwords are right at its core. Implementing an organization-wide password management tool (like LastPass or Dashlane) will ensure every password is unique and complex enough to remain secure. It also makes it easy to give access to shared services and keep track of account information within the organization.

Focussing on the benefits of embracing the technology available, you’ll be able to better understand where a cyber security attack might come from and how best to protect yourself against threats.

Contact us

If you’re looking to boost your organization’s cyber safety and security protocols, contact Ian MacMillan, senior manager of cyber risk management.


  • Performance

    May 23, 2024

    Preparing Taxes 101: Claiming GST / HST

    Is your business able to claim the input tax credit on GST/HST? Discover who can make a claim, how to meet the conditions, and what expenses are eligible.

  • Progress

    May 22, 2024

    Is your family prepared for the unexpected?

    Is your family prepared for the unexpected? Learn how building a serious illness plan can provide continuity for your business and your family.

  • Confidence

    May 21, 2024

    How construction companies can overcome the pain points of an ERP implementation

    Implementing an ERP system in the construction industry offers plenty of benefits — but it’s not without its challenges.