In an age where everything is connected and cyber threats have become more sophisticated, it is more important than ever to know what to do in the event of a cyber security breach.
Imagine a scenario in which a construction executive returns from a planning meeting for one of the company’s largest building projects. He/she is excited about starting the multi-year, multi-billion-dollar project and all the income and publicity that will come with it. Now imagine that an hour later one of the company’s junior IT employees comes to the executive’s door and says that the firm’s IT systems were hacked and the hackers planted a ransomware virus that completely froze all of the company’s computer systems. The hackers demand that the firm pay $50,000 in bitcoin, or they will not “unlock” the firm’s computer systems and will erase all data stored on the firm’s IT systems.
Unfortunately, this nightmare scenario is becoming increasingly common in the construction and development industry. Due, in part, to the constant movement of money, frequent turnover of personnel and exposure to critical infrastructure and building system information, hackers are more frequently targeting information stored on and flowing through the IT systems of constructors and developers. Below are some tips on how to handle this growing trend.
When hacked, it is imperative to remain calm and remember to think logically. Construction executives must apply the same analytic skills to this problem as they would to any other construction challenge.
For those companies that have cyber insurance in place and the practice drills and education that come with it, dealing with the breach will be a somewhat less taxing ordeal. However, for the majority of those in the construction and development industry that have not yet purchased a cyber policy, here are some simple steps to follow:
While no company on earth can absolutely avoid the above doomsday scenario, applying basic risk management techniques will help lessen the overall impact the hack would have on the company’s systems. Such techniques involve purchasing cyber insurance through a reputable broker. Most of the major insurance brokers for the construction industry also now have cyber insurance options that can be explored. Many policies will cover the fees for the breach counsel, the forensic expert and the PR/crisis management expert.
Once an insurance policy is in place, construction companies should periodically bring together top-level executives, representatives of the IT department, the company’s in-house counsel, data privacy counsel and its PR consultant and run through practice scenarios. Those scenarios, known as “table top exercises,” will help determine what formal policies and plans to put in place for the long run. The table top exercises will help iron out any logistical and personnel issues that may arise on the day of an actual breach and provide for a smoother response to what is becoming an increasingly common event in the construction industry.
As the common adage goes, “practice makes perfect.” Executives must keep in mind that cyber security is an iterative process that must be updated weekly. It never was, and never will be, a “one and done” process. All involved should treat it accordingly.
For additional information on cyber security, see Failing to Adopt a Comprehensive Cyber Plan Can Lead to Disaster and A Comprehensive Cyber Security Plan Is Key to Robust Risk Management.