Construction Leaders: Is Your Document Data Secure?
As the construction industry becomes more digital, here’s what leaders can do to have the right protocols in place to ensure critical document and project data remains secure
In an increasingly digital and interconnected world, many companies overlook one of the simplest technology tools that can have an outsized impact on productivity and efficiency: document security.
Understanding the importance of the protection and dissemination of data included in construction documents is the first step in supporting the growth and efficiency of the architecture, engineering, construction and operators (AECO) industry.
A recent study by Autodesk and FMI estimates that bad data cost the global construction industry $1.85 trillion in 2020. Maintaining relevant, accurate and complete data sets that can be used to inform data-driven decision-making is an important step for construction firms wanting to thrive in the age of information technology.
Securing your data goes hand-in-hand with creating and maintaining it, however. According to Surkay Baykara, senior information security consultant with PCI DSS, “[data] security is the maintenance of all essential documents stored, filed, backed up, processed, delivered and eventually discarded when they are no longer needed.” In the 2021 Cyberthreat Defense Report, roughly 86% of the 1,200 companies surveyed had data compromised by at least one successful cyberattack in 2021, the largest annual increase in successful attacks since 2015.
In addition to the increase in cybercrime, non-malicious data breaches are also becoming more common as a large percentage of the workforce has shifted to remote work. These types of breaches are often due to human error, such as accidently sending the data to the wrong recipient, either via email or mail; displaying incorrect data within an individual’s online portal; or simply sending files to multiple recipients whose information is visible to one another.
Training your team on their responsibilities and keeping communications and other systems up to date can help to reduce these types of incidents.
Stages of data security
Capture: This is the process stage that describes the “onboarding” of information in the data management system. This can include scanning hard-copy documents, filing emails or creating and saving documents directly from an application. Along with capturing data, sending the data to an appropriate storage location (“routing”) is equally important.
Store: Data storage can be applied to both hard-copy documents or electronic systems. The storage type, location and access security required for each type of data is an important consideration for companies as they implement these types of processes.
Data Management: This stage of the process is concerned with managing the permissions, user roles, versioning control and audit trails of the data. An important part of maintaining a secure data environment is limiting access to those individuals who would need to gain direct access to the information and maintaining records of every activity or transaction applied to a piece of data (who did what, when). This allows companies to prove activities related to maintaining security to stored data, especially when a data breach occurs.
Preserve: Data retention is a key aspect of validating and ensuring a secure data environment. However, as resources—digital or physical space for storage, for instance—are limited, maintenance is required to remove invalid or outdated data. Some information is required by law to be kept for a certain number of years. Once data no longer needs to be stored, setting up policies to securely dispose of it is critical.
Access and Sharing: This is also known as the “delivery” stage and focuses on how data can be shared securely with other users or business partners. This is often accomplished using shared folders or drives, but without proper management, this can lead to unauthorized access and data breaches. Accessing data via mobile devices—such as tablets or phones—also causes more complexity in securing data access.
Integration: Exchanging information with other business applications allows for a comprehensive overview of systems or data to create logical, data-driven decision-making capabilities for individuals. For this to be truly successful, all the preceding stages are critical to providing consistent and accurate data.
Types of data security
Finally, how can companies and individuals begin to securely validate the data they create? Below is an infographic describing six common types of data security practices. Following that is a series of infographics comparing the three main ways we in the construction industry typically validate data for transfer. Understanding the tools available to your company can better help inform decisions when it comes to data security and validation.
Encryption
A cryptographic key is required to access the information; without the key, any information in the document will be rendered as meaningless text
Password protection
A document cannot be accessed (depending on specific permissions set) without entering the password
Restricted access
Assign permissions to users, roles, groups, and resources - only users who have been authorized can access sensitive documents with either read or write permissions
Watermarking
Static or dynamic watermarks can be used as visual reminders of confidentiality or can identify users who create, change or print a file
Document expiry
Allow user access to a document only within a specified time period
Information rights management
Control read, edit, copy, paste, print or screenshot the content permissions - permissions are stored in the document and authenticated by an IRM server
Electronic signature
- Digital form a wet signature that is legally binding
- Can be a symbol, image or process attached to the message or document to recognize identity and give consent to it
- Used for verifying a document
- Validation is not performed by any trusted certificate authorities or trust service providers
- Vulnerable to tampering with limited security features
- Not typically authorized and does not inlcude any coding or standards
- Simple to use, but has a lesser level of evidential value
Digital signature
- Secured signature that works with an electronic signature and relies on a public key infrastructure
- Electronic fingerprint that encrypts and identifies a person's identity
- Used for securing a document
- Validation is performed by trusted certificate authorities or trust service providers
- Highly secure with a multitude of security features
- Typically authorized and comes with encryption standards
- Can be more complicated, but offers greater authenticity
Share this post on:
Subscribe now
to receive newsletter with latest news weekly from Revu Experts Vietnam.
Related posts
A Guide to Performing Punch in Bluebeam
Discover how Bluebeam can streamline a construction project’s punch list phase, enhancing collaboration and accuracy for flawless project completion
Revolutionize Construction Estimations: A Deep Dive into Bluebeam Quantity Link
Bluebeam’s Quantity Link empowers construction workers with real-time synchronization between PDF drawings and Excel spreadsheets.
Green Building Revolution: Transforming Construction with Sustainable Materials, Innovations
Innovations in materials like green concrete and renewable resources are driving a transformative shift toward greener buildings.
Bluebeam Compare Documents vs. Overlay Pages
Discover how Compare Documents and Overlay Pages by Bluebeam transforms managing documents with precision and visual clarity