Grappling With Viruses on Multiple Fronts: Ongoing Cyber Risk Management in the Age of COVID-19

There are two viruses contractors must battle: COVID-19 and computer viruses. Here are tips to combat both.
By Richard Volack
September 19, 2020

It has now been about seven months since the COVID-19 virus first arose in the U.S. The majority of the construction industry has survived at least one shut-down and its employees have acclimated to working from home.

As the industry adjusts to the new normal, construction companies must remember to appropriately balance their mitigation and prevention efforts to not only fight COVID-19 on the health care front, but also to step up their efforts to fight the steep increase in “virtual” viruses through cyber-attacks during the pandemic. In fact, the FBI recently reported that the “number of complaints about cyberattacks to their Cyber Division is up to as many as 4,000 a day. That represents a 400% increase from what they were seeing pre-coronavirus.”

In the last few weeks, some states, in an effort to return to “normalcy,” have re-opened many of their commercial sectors that were previously on hold. This new re-opening affects those in the construction industry as well. During this time of transition, the construction industry has naturally focused on setting forth concrete policies to reduce the threat of COVID-19 on its project sites. Some other practical steps suggested by several sources to deal with COVID-19 on jobsites include the following:

  • space out workers and/or conduct a job hazard analysis to determine the appropriate spacing of workers on construction sites;
  • use staggered shifts;
  • monitor the temperature of workers;
  • provide gloves and masks and other appropriate PPE;
  • clean and disinfect high touch areas and frequently used tools;
  • increase the number of hand washing areas or hand sanitizing facilities;
  • conduct video conferences in lieu of in person meetings; and
  • ask employees to help monitor their team members.

However, as the country moves and transitions again into the fall and the re-opening of more businesses, those working in the construction industry should also be on the continued lookout for another type of virus—stepped up efforts by third parties to take advantage of these uncertain times to inject viruses into and/or hack into their computer systems, both in their company’s home office and in the field.

As health care professionals are fond of saying, the more preventative actions taken, the safer everyone will be. The same applies to the virtual world and virtual viruses. During this time of transition, those in the construction industry must make sure that they are implementing at least the following safety protocols to keep the company and its computer systems safe from being “infected” with a computer virus. Some preventative measures that construction executives should take include the following:

  • Train, train, train personnel. Due to COVID-19, construction companies now use the internet more than ever to schedule work, review plans and specifications, and transfer information. Consequently, it is imperative that construction companies provide their employees regular training courses in basic cyber security, including, but not limited to, what a social engineering/phishing e-mail looks like, what spoofing is, and how to know if their computer has been hacked. The training should also ingrain personnel with the habit of double-checking before clicking on ANY attachment from an outside source. In fact, many construction companies have colorful banners at the top or bottom of an external e-mail warning them of the e-mail’s origin.
  • Beef up systems and IT personnel. Do an audit of IT systems. Make sure IT personnel are trained and know how to regularly patch the company’s systems, upgrade firewalls, monitor the system for anomalies and silo off certain parts of IT systems. IT personnel should also be looking into two-factor authorization for systems, which means that to log onto the computer system, the employee must have his/her username and password and then another piece of information known only to them such as a randomly generated code that frequently changes. Also, make sure that IT persons know how to encrypt transmissions both in transit and at rest. Finally, make sure they know how to correctly and securely set up computer systems in the field.
  • Bring company policies up to date. Make sure to have the computer and electronic use policy upgraded to limit the use of the IT system to only work-related items, distinguish what to click on and what not to click on and how to know the difference, and prohibit the use of any social media platforms as they are havens for hackers. Have management set an example by reminding the employees that the computer policies apply to ALL employees.
  • Buy insurance. There are many cyber insurance policies in the market today that tailor both to certain industries (like construction) and that are tailored to the size of the firm. Most policies will pay for themselves with just one hack or cyber intrusion. For even the smallest breach, the response and investigation and possible notification requirements will cost in the tens of thousands of dollars.

Just like the implementation of certain basic changes in behavior listed above can help keep COVID-19 at bay, implementing at least the recommended IT/cyber changes above will help to keep the company virus free in the virtual world as well.

by Richard Volack
Richard Volack is a Partner and Chair of Peckar & Abramson’s Cyber Security & Data Privacy practice.

Related stories


History Repeating

By Grace Calengor
Trimble used its scanning and data-sharing technology to bring the ancient Library of Celsus back to life in the virtual world.

The Benefits of Incorporating Smart Helmets Into Your Safety Plan

By Bart Wilder
Sometimes, introducing new technology at your construction company is as simple as strapping on a new helmet. But that simplicity can be lifesaving thanks to today's smart helmet technology.

The Critical Role of Vendor Data in Capital Construction Projects

By Houman Payami
Trusting the quality of data supplied by your vendors is just as important as trusting the quality of the vendors themselves.

Follow us

Subscribe to Our Newsletter

Stay in the know with the latest industry news, technology and our weekly features. Get early access to any CE events and webinars.