6 minute read
Strengthening cybersecurity in construction
Chris Gillen, CEO, Total Support. Matthew Poppe, director of operations. Tamara Charleyboy, Helpdesk technician.
When most people think of cybersecurity, they picture hooded figures typing rapidly on keyboards, breaching internal servers and hacking into mainframes. Unfortunately, that is a stereotype and not at all the reality that most businesses are up against in the world of advanced technology. Total Support Solutions aims to help their clients in B.C. navigate and adopt ways to strengthen their cybersecurity to protect themselves and their businesses.
Total Support Solutions is a full-service IT company that offers on-demand support (both remote on and on-site), as well as fully outsourced IT department solutions including CIO services and cybersecurity services. Their head office is in Victoria, B.C., but their employees are located all throughout B.C. According to Chris Gillen, chief executive officer for Total Support Solutions, they operate predominantly in B.C., with some clients in Alberta and Ontario.
“Our services come down to a few key categories. Our first category is in our main offerings called Helpdesk,” Mr. Gillen says. Helpdesk is a remote service providing day-to-day support to staff and employees within organizations with IT problems they may be facing. “Our second department is projects, tasked with handling and maintaining changes within organizations, such as large-scale deployment upgrades and installations of new software or hard-
B.C. AIR FILTER - NOW IN PRINCE GEORGE FOR ALL YOUR COMMERCIAL AND RESIDENTIAL AIR FILTER NEEDS!
We do bulk filter orders or ‘Bag & Tag’ for contractors. Warehouse – 1975, Ogilvie St. S., Prince George, BC V2N 1X2 PHONE/FAX – 778-764-5575
ware. If an organization comes up to us and wants to roll out X, Y or Z, we’ll assemble the team to make that happen for them.”
Total Support Solutions’ third service is procurement. Mr. Gillen says they maintain relationships with major vendors and wholesalers operating within Canada, from whom they source most parts that clients ask for. Lastly, they also have a training department; Total Support Solutions has certified trainers on staff and they run a training academy out of Vancouver to make sure their employees are CompTIA certified.
Cybersecurity has become an important part of keeping your business safe. At its core, cybersecurity is protecting businesses against attacks that happen via modern technology, such as someone trying to hack into a person’s network or system with the intention of gathering information about staff members or the business as a whole.
“Cybersecurity is the process of hardening your business against those attacks, and we do that by following a set of best practices and principles that are well-established and understood. We also do fairly specific analyses of each individual business’s case and try to
identify unique vulnerabilities,” Mr. Gillen says.
Mr. Gillen says there are several unique cybersecurity challenges for the construction industry in Northern B.C. For example, Northern B.C. has had some trouble with accessing the sort of same level of support seen in major cities such as Victoria and Vancouver. As a result, the cybersecurity is a little lagged behind. Also in Northern B.C., the Internet can be spotty, meaning the technology implemented is on the older side.
“We have areas where we use onpremise servers because the Internet won’t support the bandwidth necessary to move everything to the Cloud,” Mr. Gillen adds. “The other thing is the environment can often be tough; it’s mountainous and remote. All of these things place stresses on the infrastructure of businesses and regions as a whole, and those can’t help but have an effect on their cybersecurity.”
The No. 1 current trend to look out for these days is phishing, which is humanengineered. There is very little technology involved, except for dummy emails or webpages. Phishing attacks have increased in amplitude and intensity, so all the cybersecurity hardening done in operating and antivirus systems are obsolete. The most common methodology involves a scammer sending out an email or giving a website that looks like a commonly used service. They will replicate the experience of logging in with your username and password. From the enduser’s perspective, they thought they went to the correct website, but what they’ve done is submitted their information to a website that has harvested and captured their information. From that point, the scammers will spend the first couple weeks or months observing what they can get access to, what files they can touch and form a plan to perform an attack.
Mr. Gillen says the types of attacks he sees in construction are large-scale, bigmoney sophisticated attacks, and the hackers are doing it in ways that many organizations don’t realize they’ve had a breach. The average breach in detection was 121 days; that’s 121 days of someone rummaging around the inside of your business, learning how it operates and figuring out how to extract money.
“In the case of construction, you’ve often got lots of money floating around. Often organizations are very busy so they don’t have a lot of time to stop and do an analysis of every email that comes in. That makes an enticing target,” Mr. Gillen says.
Over the last year, the number of attacks has increased by 300 per cent since the beginning of COVID. Three out of 10 companies in Canada have been subject to an attack, both attempted and successful. Mr. Gillen says most of these breaches can be solved, or at least miti-
ENGINEERED WOOD
We can help you with that checklist.
Complete projects ahead of schedule. Reduce on-site labour costs. Reduce building time on-site by 63%. Engineer approved trusses. 3D structural “crash-testing” of your design. Reduce waste costs by 76%. Create a safer work site.
gated, with simple techniques.
“First of all, you need to have good IT and good IT discipline,” Mr. Gillen says. “You need to be using, wherever possible, multi-factor authentication.”
Multi-factor authentication is security technology requiring multiple methods of authentication from independent categories of credentials in order to verify a user’s identity for a login. That way, when a scammer tries to hack in, two things happen. One: they can’t get in because they don’t have your cellphone or computer. Two: you get a notification on your device that says someone is trying to access your account. As a result, instead of this going on for months, you can let your security team know you’ve had a potential hacker breach and they can spring into action from that point forward.
“Your security is now 1,000 times better because of that simple barrier of multi-faction,” Mr. Gillen says.
The second line of defense is infrastructure, such as routers that are wireless access points and networking equipment that is better at detecting and defending against attacks. Last but not least, cybersecurity has to be prioritized from the top down, meaning the owner of a business has to make that investment.
“Scott Bone, CEO of NRCA, and I are currently looking to start some training courses on behalf of NRCA that Total Support Systems would host,” Mr. Gillen adds. The courses aim to cover all things cybersecurity-related.
“I encourage people to reach out; I am open for a meeting or chat,” Mr. Gillen says. “We work in service of construction organizations, and we really want to make sure our clients and our potential clients are safe.”
For more information, visit totalsupportsolutions.ca. l
CONDITIONS CHANGE. BE PREPARED AND PLAN AHEAD.
The safety of your employees is your responsibility, including when they’re behind the wheel. Take steps to reduce the increased risks they face during winter conditions. Download our free winter driving safety tool kit at ShiftIntoWinter.ca.
Know before you go | DriveBC.ca | ShiftIntoWinter.ca
RESPONSIBLE QUALITY CONTROLLED. EXPERIENCED.
CIF Construction Ltd. (CIF) is a premium concrete and civil contractor. Founded in 1991, CIF has been successfully operating in the mining, oil and gas, forestry, pulp and paper, bioenergy, wind energy, commercial and municipal industries for 30 years.
