Narrow by location

Three Mistakes to Avoid When Building IT Strategies


When hackers stole credit card information from tens of millions of Target customers in 2013, the source of the data breach was tracked back to the construction industry.

A small HVAC contractor had provided services to Target, and when they suffered a data breach, hackers gained access to their network credentials, including the ones they used to remotely access Target’s network.

That’s why every business in the construction industry needs an IT strategy in place today. At its core, an IT strategy is a plan of action that defines how a company will work in regards to information technology. Built correctly, a good IT strategy will help protect businesses against threats and keep digital assets safe.

When building an effective IT strategy, start by avoiding these three common mistakes.


Security policies are the first line of defense against hackers, viruses, ransomware and other threats. Businesses’ security policies should answer these questions:

  • How often are passwords changed?
  • How often are inactive users removed from the system?
  • Are users allowed to access their email and computers after business hours?
  • What are the rules for the acceptable use of company technology?
  • How often are users trained on security practices?

Remember that security is not static. Threats constantly evolve, and new threats are emerging faster than ever. It’s not enough to just set up a security policy. It’s important to regularly review the security policy and update it to current standards.


Sharing digital assets is mission-critical to every company in the construction industry. The challenge is finding a way to quickly collaborate with architects, contractors, subcontractors and other parties, while keeping all of the assets secure. That’s why a digital asset sharing policy needs to be a core element of a company’s IT strategy. It not only streamlines workflows and makes a company more efficient; it also helps protect businesses against liability in the event of miscommunication or mistakes.

At a minimum, an asset sharing policy needs to define:

  • How will the company share digital assets between parties?
  • Who has access to the system?
  • How will the company keep track of communications?

Remember, in any construction project, the sheer volume of documents being shared creates openings for mistakes. The best way to protect a company is to establish a firm asset sharing policy.


The key to success with any IT strategy is getting team members to voluntarily participate. When team members know the reasons why a particular rule is in place, they find it easier to follow that rule, and that makes the strategy more effective.

For that reason, an IT strategy cannot be created in a vacuum. It needs to be built on feedback from team members throughout the organization. Talk to the people who actually use the technology, and find out what they believe the policies should look like.

Opening up a dialogue and showing the intent of the rules helps minimize confusion and increase compliance. Each policy in an IT strategy should answer these questions:

  • Why does this policy exist?
  • What is the intent of this policy?
  • What dangers and risks does this policy avoid?

Remember, communication is the most important key to an effective IT strategy. Team members need to know what the rules are and why they are in place. But even more importantly, they need to have input on those policies in order to be committed to following them.

Unfortunately, there is no one-size-fits-all IT strategy. Avoid making these three mistakes, and the company will go a long way toward designing a comprehensive strategy that protects the company.

The Maturing Construction Technology M&A Environment

By Andrew Henderson, FMI When it comes to technology deployments, the construction industry is severely lagging other industries.... »

Whaling Cyberattacks: What You Need to Know

from Carr, Riggs & Ingram Cyberattacks are here to stay—partially because the financial result is lucrative for the... »

Protecting Your Company Against Executive Impersonation Fraud

from Carr, Riggs & Ingram A company’s employees are generally expected to strive to protect the organization from... »

4 Steps to Assess Your Cybersecurity Risk

from Carr, Riggs & Ingram Do you know where an attacker could break through your company’s cyber defenses?... »


Your email address will not be published. Required fields are marked *