(301) 986-0600
Submit RFP Bill Pay

Protect Your Construction Company from Cyber Risks

A classic depiction of a contractor might show someone surveying the worksite with a hard hat and a set of blueprints. These days, the hard hat’s still there but the contractor is just as likely to be carrying a tablet.

And that tablet, while efficient, may open the door for new threats to your projects and business. Recent reports from cyber security specialists at Symantec and Verizon indicate that nearly a million malware threats are released every day. That’s well over 300 million threats a year.

And according to Verizon’s 2015 Data Breach Investigation Report, 85% of targets are small businesses. The 2014 report stated that 33% of all reported malware incidents occurred in the construction industry. That number is expected to increase as more companies start using smart mobile devices on the job.

Small Computers, Easy Access

Today’s smart phones and tablets have all the functionality of a computer and can easily access corporate servers. So cyber risks are increasing exponentially as more of these devices are used.

A lost or stolen mobile device has enormously significant ramifications for your construction business. And with current technology, it isn’t even necessary to steal the actual device. Hackers can steal data remotely by using worms and other viruses.

Typically, information like client lists and contracts, employee records, bid information, financial records and bank statements, and other data is stored electronically on one or more servers. It’s important to recognize that this vast amount of data makes your company a prime target.

Concentrated Theft Attacks

Cyber infiltrations can cripple your business and are often costly to fix. This is especially true if you experience an “advanced persistent threat” (APT), which is a concentrated network attack by a hacker who invades your system and remains undetected stealing data for a long time.

The widely publicized 2013 breach of Target involved an APT. An employee of an HVAC subcontractor doing work at the company opened a link in an email. That action released password stealing malware onto a computer, ultimately providing access to Target’s e-billing system. The breach has cost Target a reported estimated $150 million, with related costs to financial institutions of a reported $200 million.

Other cyber problems may be caused by system glitches and a lack of internal controls. And, of course, don’t overlook the human element. Careless employees may lose passwords or inadvertently grant access to outsiders. They may also expose your business by using an unsecured network on one of your company’s devices. For example, a project manager might check sensitive financial data on his smart phone at a fast-food restaurant near a job site.

Finally, don’t discount the possibility that a disgruntled former or current employee could open the door to hackers or personally install the malware.

What You Can Do

With such high stakes and easy access, it’s critical that your company take steps to protect itself and its information. The best defense against a cyber threat is a good offense. Taking these steps beforehand can minimize your risks:

  • Use strong passwords — not just the name of your company, a relative or your pet.
  • Periodically review your security measures and procedures and adjust when necessary.
  • Consult with a cyber security expert to pinpoint any vulnerabilities and follow recommendations to shore up protection.
  • Train all employees on security protocol in mandatory sessions.

It also may be a good idea to investigate insurance options. Some construction businesses have bought insurance against a breach. Obviously such a policy won’t prevent an attack, but it may help absorb some of the associated costs — including notification, public relations, and legal and liability expenses. Contact your insurance adviser for details.

Should you actually suffer a cyber attack, be prepared to act quickly to ensure that longstanding goodwill isn’t lost. Your team will have to work on all cylinders to minimize financial losses, both directly and indirectly, as well as to avoid any undue damage to your reputation.

A Double-Edged Sword

Technology can help your construction business become more efficient, but if you aren’t careful, it could destroy you. Consult with an information technology professional for more information on how to keep your data secure.

The Cost of Cyber Attacks

In Verizon’s 2015 Data Breach Investigation Report, the company estimated the costs your business can expect to incur if you fail to protect your data.
Here’s what the report states:

Other models tend to oversimplify the cost of a breach. We used actual cyber-liability insurance claims data to develop a more robust model that accounts for the uncertainty of costs as the number of records involved increases.

Using this model we estimate that the average loss for a breach of 1,000 records will be between $52,000 and $87,000 — $52 to $87 per record. In contrast, the average loss caused by a breach affecting 10 million records is estimated be between $2.1 million and $5.2 million — $0.21 to $0.52 per record.

The costs of a breach can far outweigh the effort and resources required to keep your business secure. We hope that this model helps you when you’re trying to explain the financial implications of a data breach to your organization.

* Download the PDF of this article