Skip to content
Change industry

You said ·  We had a breach or close call

Industry ·  Construction and engineering

A breach just happened and you need a plan to stop it repeating.

The phone rings at 4am. An invoice has been redirected. Or the site laptops are locked by ransomware. The first hour determines whether the damage is a nuisance or a business-ending event. Construction firms are prime targets because the supply chain is long and the security posture is often fragmented across dozens of subcontractors.

See if we're a fit More on construction and engineering

What this usually looks like

What a breach looks like on a construction site.

You are dealing with Procore or Aconex access issues, Jobpac data integrity checks, and the immediate need to restore site operations. Meanwhile, your head contractor like Lendlease or Multiplex is demanding a root cause analysis and an incident report within 72 hours to satisfy their own compliance obligations.

The pressure mounts from the insurance provider who wants forensic evidence, the clients who want to know if their data is safe, and the regulators if personal information was involved. The usual IT support phone tree is not equipped for this level of urgency or complexity.

This is not just about wiping a server. It is about restoring trusted identities, securing the mobile workforce devices, and ensuring the backup data you rely on is actually clean and restorable.

Where we'd start

Where we start when the alarm goes off.

  1. Step 01

    Contain the threat immediately

    We isolate the compromised accounts and endpoints to stop lateral movement. We preserve logs for the forensic audit your insurance provider will demand. We verify the integrity of your financial data to stop further invoice fraud. Time is the only currency that matters in the first four hours.

  2. Step 02

    Restore operations safely

    We do not just reboot. We verify the backup sets before restoration to ensure they are not also infected. We re-image affected devices and enforce MFA on all access points. We prioritise the systems that keep the site running, such as Jobpac and communication tools, before tackling the wider network.

  3. Step 03

    Close the gaps that allowed it

    We analyse the entry vector to prevent recurrence. This usually means tightening email security, enforcing phishing-resistant MFA, and patching the specific vulnerabilities exploited. We update your incident response plan and ensure you meet the Essential Eight ML1 requirements that your next principal contractor will inspect.

CCP's security floor

Every CCP client is covered by the Client Security Baseline.

The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.

If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.

  • Multi-factor authentication

    Phish-resistant MFA on everything that matters.

  • Application control

    Allowlisted applications. Nothing else runs.

  • Vulnerability management

    Known vulnerabilities remediated inside thirty days.

  • Tested backups

    Backups that have actually been restored, not just scheduled.

  • Same-day offboarding

    Account access cut the day someone leaves the business.

  • Password management

    A password manager your staff will actually use.

  • Awareness training

    Annual cybersecurity training. No one opts out.

  • The full baseline

    Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.

Track record

Twenty years in. A hundred-plus clients. The numbers are load-bearing.

Years in business
0+
Loved clients
0+
Aussie techs
0%

4.8 average · 46 reviews on Google

“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Paraphrased. A client forced to leave after an acquisition.

Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.

“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
Trent Martin Google review
“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
Kelvin Mansfield Flexi Google review
“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
ProcessWorx HR consulting, Perth Google review
See if we're a fit

The qualifier

Let's see if we're a fit.

Seven questions, one moment of your time. We'd rather tell you now than three months in.

Step 1 of 7

How big is your team?

Counting everyone: staff, contractors, anyone with an account.
See if we're a fit