It has now been about seven months since the COVID-19 virus first arose in the U.S. The majority of the construction industry has survived at least one shut-down and its employees have acclimated to working from home. 

As the industry adjusts to the new normal, construction companies must remember to appropriately balance their mitigation and prevention efforts to not only fight COVID-19 on the health care front, but also to step up their efforts to fight the steep increase in “virtual” viruses through cyber-attacks during the pandemic. In fact, the FBI recently reported that the “number of complaints about cyberattacks to their Cyber Division is up to as many as 4,000 a day. That represents a 400% increase from what they were seeing pre-coronavirus.”

In the last few weeks, some states, in an effort to return to “normalcy,” have re-opened many of their commercial sectors that were previously on hold. This new re-opening affects those in the construction industry as well. During this time of transition, the construction industry has naturally focused on setting forth concrete policies to reduce the threat of COVID-19 on its project sites. Some other practical steps suggested by several sources to deal with COVID-19 on jobsites include the following:

• space out workers and/or conduct a job hazard analysis to determine the appropriate spacing of workers on construction sites;
• use staggered shifts;
• monitor the temperature of workers; 
• provide gloves and masks and other appropriate PPE;
• clean and disinfect high touch areas and frequently used tools;
• increase the number of hand washing areas or hand sanitizing facilities;
• conduct video conferences in lieu of in person meetings; and
• ask employees to help monitor their team members.

However, as the country moves and transitions again into the fall and the re-opening of more businesses, those working in the construction industry should also be on the continued lookout for another type of virus—stepped up efforts by third parties to take advantage of these uncertain times to inject viruses into and/or hack into their computer systems, both in their company’s home office and in the field. 

As health care professionals are fond of saying, the more preventative actions taken, the safer everyone will be. The same applies to the virtual world and virtual viruses. During this time of transition, those in the construction industry must make sure that they are implementing at least the following safety protocols to keep the company and its computer systems safe from being “infected” with a computer virus. Some preventative measures that construction executives should take include the following:

• Train, train, train personnel. Due to COVID-19, construction companies now use the internet more than ever to schedule work, review plans and specifications, and transfer information. Consequently, it is imperative that construction companies provide their employees regular training courses in basic cyber security, including, but not limited to, what a social engineering/phishing e-mail looks like, what spoofing is, and how to know if their computer has been hacked. The training should also ingrain personnel with the habit of double-checking before clicking on ANY attachment from an outside source. In fact, many construction companies have colorful banners at the top or bottom of an external e-mail warning them of the e-mail’s origin.
• Beef up systems and IT personnel. Do an audit of IT systems. Make sure IT personnel are trained and know how to regularly patch the company’s systems, upgrade firewalls, monitor the system for anomalies and silo off certain parts of IT systems. IT personnel should also be looking into two-factor authorization for systems, which means that to log onto the computer system, the employee must have his/her username and password and then another piece of information known only to them such as a randomly generated code that frequently changes. Also, make sure that IT persons know how to encrypt transmissions both in transit and at rest. Finally, make sure they know how to correctly and securely set up computer systems in the field. 
•  Bring company policies up to date. Make sure to have the computer and electronic use policy upgraded to limit the use of the IT system to only work-related items, distinguish what to click on and what not to click on and how to know the difference, and prohibit the use of any social media platforms as they are havens for hackers. Have management set an example by reminding the employees that the computer policies apply to ALL employees.
•  Buy insurance. There are many cyber insurance policies in the market today that tailor both to certain industries (like construction) and that are tailored to the size of the firm. Most policies will pay for themselves with just one hack or cyber intrusion. For even the smallest breach, the response and investigation and possible notification requirements will cost in the tens of thousands of dollars.

Just like the implementation of certain basic changes in behavior listed above can help keep COVID-19 at bay, implementing at least the recommended IT/cyber changes above will help to keep the company virus free in the virtual world as well.