No More Set-it-and-Forget-it Cyber Risk Management Logging on Means Always Being Vulnerable

Do any of these scenarios sound familiar?

  • Your office estimator is also your resident IT expert.
  • Multiple estimators in your firm share wide-ranging log-in rights with little password enforcement.
  • Your mobile phone has three layers of proprietary information on it—your company’s data, your clients’ data and maybe even your clients’ client data.

Let’s face it: No one wants to admit that their risk management strategy ranks somewhere between “asleep at the wheel” and “set it and forget it.” Whether your firm still backs up tape drives manually or conducts hourly backup and replication in the cloud, securing data and assets has evolved into a critical, never-ending job of whack-a-mole. This includes securing both visible assets, such as cranes and trucks, and invisible assets, such as digital plans and databases that contain client lists, customer lists, contact names, past projects and bid information.

How high are the stakes for both small specialty contractors and large general builders? Look no further than the recent large-scale WannaCry ransomware attack that has impacted more than 100,000 organizations and 150 countries. Just because you’ve never seen a construction firm in the headlines, doesn’t mean it hasn’t happened. Here are some eye-opening security questions that any firm should be asking:

  • How would we recover and restore data from one power outage, fire, laptop theft or misplaced mobile phone?
  • Could we rebuild our database from scratch after a virus or breach?
  • Are passwords automatically changed when employees leave the business?
  • Do we know who is accessing the applications that house our contacts and projects?
  • If someone leaves with copies of our software, can they still use it even after they are no longer an employee?

Pretty scary and overwhelming, right? OK, we know there is no turning back the clock to the days where takeoffs were done from paper plans and the lines between home, office and field were more defined. Besides, the whole point of mobile technology—smart phones, tablets and laptops—is about being able to seamlessly access and swap digital plans and change orders back and forth, on the run, from jobsite to jobsite.

Ultimately, the litmus test is pretty basic: If your company uses the internet, you’re at risk. To combat these vulnerabilities, construction firms must implement policies and processes to extend security across the jobsite and the office to ensure protection of both physical and intellectual assets.

We know the answer is never easy. But vigilance and a robust risk management process can go a long way when it comes to assessing exposure and minimizing the fallout. Ready to get started? Go ahead and download our white paper, Managing Risk in the Construction Industry, for a step-by-step guide—it’s a great starting point for construction firms that want to reduce and manage their risk.

Download Managing Risk in the Construction Industry

Leave a Reply

Your email address will not be published. Required fields are marked *