Fortify your heavy equipment and secure your remotes to keep equipment safe
Cranes and hoists are essential for any operations involving heavy lifting. Many also have smart features preventing the load from exiting a specified zone or bringing it to a target position. Such offerings keep everyone safer, making workflows more productive.
However, all smart hoists and cranes need internet connectivity to work. That makes them potential targets for hackers. There’s even the possibility that someone — recognizing the value in such equipment — could try to restrict access or physically take it. These realities mean construction site managers, equipment operators, repair technicians and other relevant parties must take strategic steps to safeguard the heavy machinery.
Limit Access to Smart Equipment and Portals
The chances of a hacker gaining access to smart equipment increase when too many people have access to the machine or any online portals. Broadly speaking, that’s because there are more opportunities for things to go wrong.
Many people reuse passwords, increasing the reach hackers have. Workers may also share them with colleagues, seeing this action as an innocent way to assist others. However, it can erode cybersecurity. Traditional access control allows people to leave themselves logged into a portal accidentally, then step away from the computer long enough for others to take advantage of their account privileges.
These shortcomings of conventional passwords have compelled people to explore more robust access-control measures. Some common ones restrict what people can do based on their roles or responsibilities. Someone who works in a construction company’s customer service department and never needs to operate a smart crane would not have the credentials that let them do it.
That strategy also tackles problems such as theft or attempted usage by people not trained to use the equipment. Keeping equipment and the associated access sites or apps safe also means revoking someone’s credentials once they leave the company or otherwise no longer need them. Such management becomes much easier once administrators can see and control current access specifics from a dedicated portal.
Access control extends to smart equipment accessories people often overlook, including remotes. The best strategy for those is to deploy a layered approach. Keep them in a locked cabinet within a locked room and require people to open it with a personal swipe card, for example. Installing tracking devices on the remotes also makes it easier for supervisors to see who has one at any time.
Provide Employee Cybersecurity Training
Cybersecurity experts frequently say employees are among the weakest links of a company. Indeed, they may make mistakes or show intentional carelessness. However, many workers are not familiar enough with internet security best practices — especially if they didn’t grow up with the internet or participate in tech-centred roles throughout their careers.
That reality means employees could be the gateways allowing hackers to orchestrate their attacks. Phishing and related scams are some of the most common ways cybercriminals launch ransomware attacks. Ransomware locks entire networks and everything connected to them, leaving smart hoists, cranes and other equipment inoperable. Sometimes, hackers threaten to leak the data they stole, providing even more incentive for victims to pay the ransom.
However, phishing awareness is an excellent ransomware preventative. Set aside time in employees’ schedules to give them relevant, engaging training. Structure the content to include scenarios they’ll likely encounter in real life, plus tips for responding to them.
Consider the most convenient ways for people to receive the training, too. If all attendees don’t have desks and offices, that could make the delivery trickier. However, offering a dedicated area with mobile devices such as iPads helps people receive the training at the right times.
Keep Software Updated
The construction and heavy equipment sector was not historically among the first to adopt smart devices. However, with adoption rates rising, so are the risks of hacks. Cybercriminals view this as a high-value sector, knowing even minor disruptions are prohibitively costly. Thus, even if a hacker can’t steal gigabytes of data from a smart crane, they could lock down the machine with a ransomware attack or use malware to spread a virus that makes it inoperable.
Cybercriminals look for outdated software and other vulnerabilities, using them as entry points for beginning their attacks. Software updates may be outside of concern for many smart-equipment owners, but that must change.
A good starting point is to ask the manufacturer how updates occur. It’s often possible to receive periodic over-the-air updates that require little or no intervention from equipment owners. Alternatively, the user interface for a smart crane or hoist may have a feature allowing people to activate automatic updates. Then, the software downloads and installs automatically, meaning people don’t need to do anything to confirm they want the latest software.
Managers should also tell employees to alert them to any pop-ups they see about new updates needing installation. The same worker who sees the message may not be responsible for getting the software on the system. However, many people see such notifications as workflow disruptions. They might click to ignore and dismiss the message rather than take the time to see what it says and let the appropriate person know about the availability of the software.
Construction companies get hacked more often than many people realize. That’s due to a variety of reasons, including that companies often have their equipment spread across multiple sites and offices. Plus, many decision-makers don’t immediately consider their businesses as likely targets for hackers. As heavy equipment becomes more connected, people must change their protection strategies.
Better Protection Starts With an All-Encompassing Strategy
Protecting smart hoists and cranes from malicious parties requires carefully considering all risk factors, access points and vulnerabilities. Gathering that data makes it easier for leaders to assess where things stand and what they must do to follow all the applicable best practices.
Even if moving forward represents significant time and effort, it should pay off in the long run by enabling better safeguarding of a company’s vital assets. Even if only one piece of critical equipment becomes dysfunctional for a few days due to a cyberattack, that issue could dampen customer confidence, hurt the bottom line and severely restrict the workflow. That means prevention is always the best plan for limiting cyberattacks’ effects.
About the author: Emily Newton is the Editor-in-Chief of Revolutionized Magazine. She regularly covers news and trends in the construction and industrial sectors.
Print this page