Why Construction Companies Should Protect Information Data with MFA Strategies

Jason Gotway
November 1, 2023|

Mobile and tablet devices have become essential tools in the construction industry, allowing for increased productivity and real-time communication. With this convenience comes the need for heightened security measures. As construction companies increasingly rely on mobile devices, the risk of data breaches and cyberattacks also rises. Security measures like two-factor authentication (2FA), specifically text-based SMS 2FA, verify user identities to prevent unauthorized access to your company’s network, but operate under several security flaws that make it less effective than alternative multifactor authentication (MFA) methods.

Why Construction Companies Should Use MFA over SMS 2FA

Mobile device security is not something that construction companies can afford to overlook. Construction companies often deal with confidential client data, financial records and business plans. If cybercriminals gained access, it could lead to significant financial losses, reputational damage and even legal implications. Phishing attacks resulting in the release of ransomware or social engineering attempts that successfully trick employees into releasing funds or granting access to sensitive data are on the rise, with email and text messages serving as the vectors of choice for cybercriminals. Even worse, hackers could potentially use your network to gain access to the networks of your vendors or clients, further spreading malicious software or accessing data, creating a third-party liability headache for your company.

Although SMS 2FA provides some layer of protection, some limitations to this form of authentication can negatively impact construction companies. SMS 2FA relies on delivering a unique code sent to users via text message, but messages can be delayed or even fail completely in areas with poor network connection, making it difficult to access secure accounts even on a trusted device. This can potentially prove to be frustrating and time-consuming for employees, negatively impacting productivity for employees who rely heavily on their cell phones. Messages can also be intercepted by hackers who clone or replace a victim’s SIM card. As the fight against phishing and social engineering attacks becomes even more important to the construction industry, SMS 2FA simply doesn’t provide enough protection. Cybercriminals can still pose as vendors, clients, executives or managers in your company to request sensitive data or share malicious links.

Increased Protection from Phishing and Social Engineering Attacks

MFA adds an additional layer of security by requiring users to provide multiple forms of authentication, such as a password and a unique verification code generated from an authenticator app, such as Microsoft Authenticator. This significantly decreases the likelihood of unauthorized access, as even if a password is compromised, the attacker would still need physical possession of the user’s mobile device to proceed. This method doesn’t require internet access or a data connection.

Mobile devices are especially vulnerable as they can easily be misplaced, lost or stolen. The risk of device loss or theft is even higher in the construction industry, where employees often work in unpredictable environments with people they may not know. By implementing MFA strategies and tools, such as Microsoft Intune which allows policies that require additional information from users before allowing them access, construction companies can add an extra layer of protection to their mobile devices. Even if a device is lost or stolen, the unauthorized person would still need the additional authentication factor to access the device and its sensitive information.

Improved Data Protection Through Multifactor Authentication

Construction companies often rely on remote access and collaboration tools to streamline their operations. This means that employees and contractors may access critical systems and data from various locations and devices. Implementing MFA ensures that only authorized individuals can access these systems, adding an extra level of security to remote operations.

Implementing MFA strategies can also help construction companies comply with various industry regulations and standards. Many regulatory bodies and clients require organizations to implement robust security measures to protect sensitive data. By implementing MFA, construction companies can demonstrate their commitment to data security and fulfill compliance requirements.

Construction companies should prioritize protecting their mobile devices by implementing MFA strategies. The benefits of MFA, such as increased security, reduced risk of unauthorized access and compliance with industry regulations, make it an essential measure for safeguarding sensitive information. As the construction industry continues its digital transformation, investing in MFA strategies will ensure that valuable data remains protected and the company’s reputation remains intact.

About the Author: Jason Gotway

Jason Gotway
Jason Gotway is principal and technology practice leader at Anders CPAs + Advisors. He has more than 15 years of experience in helping businesses enhance their technology and cybersecurity strategy. Jason can be reached at jgotway@anderscpa.com or (314) 655-5560.

View Our Latest Print Edition

Fresh Content
Direct to Your Inbox


Join CNR Magazine today as a Content Partner

As a CNR Content Partner, CNR Magazine promises to support you as you build, design and engineer projects not only in and around St. Louis, but also across the U.S. CNR is equipped and ready to deliver a dynamic digital experience paired with the top-notch, robust print coverage for which you’ve always known and respected the magazine.