Cyber Security Training Guide, Your Guide to Educating Employees in the AEC Industry on Cyber Security

Your Guide to Educating Employees in the AEC Industry on Cyber Security

Technology is everywhere, and it’s used in practically every industry imaginable. From retail companies to specialized service hubs, almost every business now uses technology for a variety of reasons. And, the AEC (architecture, engineering, and construction) industry is no exception.

As a business owner in the AEC industry, you’re probably using services like web servers, cloud storage, off-site data centers, and more to keep your company data safe. But with lack of a certified cyber security system in place, how safe is your data?

One of the best ways to protect your data from cyber-attacks is to properly educate the people constantly using, interacting, and adding to said data—which are your employees. Here are a few ways on how to do so:


Cyber Security Training Guide, Your Guide to Educating Employees in the AEC Industry on Cyber SecurityMany AEC employees often choose simple, sensible passwords that are easy to remember—i.e., birthdays, anniversaries, alpha-numerical sequences, etc. They also use the same password for months (maybe even years) on end.

But passwords that are easy to remember are also passwords that are easy to guess.

  • To Do: Emphasize the importance of selecting a strong and cryptic password. Encourage a mix of numbers, letters, and symbols as much as possible. Symbols especially, as they’re difficult to randomly guess (ex. difference between guessing a “cba321” password and a “cba_3!21” password).
  • Bonus: Require a mandatory password change every three to six months. The more stagnant or idle a password is, the easier it is to guess over time.

Related Content: Security Tips: Creating Strong Passwords

Proper Internet Use

AEC employees who aren’t really familiar with how cyberattacks work don’t realize that not every link is legitimate or trustworthy. They need to know how to spot suspicious links or sketchy websites, lest they accidentally download malicious software.

  • To Do: Train your employees on how to use an anti-virus program in filtering out disguised Trojans and malicious software immediately. On top of that, have them act as the first line of defense by teaching them how to recognize illegitimate or questionable link sources.
  • Bonus: Establish safe-browsing rules or limit the sites your employees can access while on the company network.

Securing Company Data

Cyber Security Training Guide, Your Guide to Educating Employees in the AEC Industry on Cyber SecurityWhen it comes to cyber security, prevention is key. Many of the security measures providers put in place are systems to prevent cyberattacks from happening. Employees can help discourage digital theft by not giving potential attackers anything to work with. That means keeping company data under digital lock and key.

  • To Do: Make them understand how severe the consequences of company data complacency. Regardless of their departments or titles, every employee is legally obligated to respect and protect the integrity of company information.
  • Bonus: Include protecting company data as an obligation in their contracts so that it’s legally binding.

Responsible Social Media Use

As much as possible, employees should not mix personal social media accounts with business accounts. What’s more, they should refrain from posting anything about the company to their social profile, regardless of their intent. This means restricting everything from pictures and videos to colleagues’ names and job descriptions.

If their social media profiles are public—which they typically are—anyone can access the information and take advantage of it.

  • To Do: Establish a strict policy regarding accessing personal social media profiles while on company time and company property.


A lot of cyberattacks happen when you open or respond to emails you don’t recognize. Many email clients already have an active filtration system, so suspicious emails automatically get regulated to the Spam folder. However, some do slip past their defenses. Cyber security is all about remaining vigilant and preventing such underhanded attacks from happening.

Related Content: 7 IT Consultant Approved Tips on How to Keep Your Email Safe from a Cyber Attack

  • To Do: Train employees to carefully read the sender’s address, the email title, and the preview. There’s a certain pattern to malicious emails that can be recognized given enough knowledge and training. If they can’t identify the sender, they need to run it through a program or delete it immediately.
  • Bonus: Establish questions that they can ask themselves when filtering emails. For instance, “Do I recognize the sender’s address?” “Have I received an email from them before?” “Is this email something I was expecting?” and the like.

As business owners, we’re often focused on things like branding, marketing, and product brainstorming. Unfortunately, tunnel vision can cause us to overlook the simple—yet crucial—task of protecting our assets. Investing in cyber security services and add-ons like live, in-person cyber security training, phishing tests, and employee testing will ensure your company has an ironclad defense against digital attacks.