web analytics
Home | Columnists | Insurance | Why Should Contractors Care About Cyber Exposures?

Why Should Contractors Care About Cyber Exposures?

image Stan Gregory, Safety & Risk Consultant, INSURICA, San Antonio, TX

AUSTIN - Cyber exposures and the insurance policies designed to respond to cyber-related events have been a hot button within the insurance industry for a few years. With certain industries, exposures are obvious and abundant, but what about cyber risks related specifically to the construction industry?

 

 

 

    Any industry that conducts business over the internet is at risk, and the construction industry is no exception. According to an article in the Miami Herald, “given the increasing popularity of practices such as Building Information Modeling (BIM), Integrated Project Delivery and file sharing between participants in a construction project, contractors may be at increased risk of liability in the event of a data breach. A hacker may be able to access architectural designs, including the designs of security systems and features; financial information; confidential project-specific information; and personal information of employees.”
    You may remember retail giant Target being the victim of a cyber attack in 2013, which resulted in tens of millions of customers’ credit card data being compromised. What you may not know, however, is that the source of the data breach originated from a small HVAC contractor who was the target of a phishing scheme. An employee received an e-mail from someone who they thought to be a legitimate source, and upon opening the e-mail, malware (malicious software) went to work behind the scenes without being caught by the anti-virus software.  In the end, a regulatory commission fined the contractor $218,797 for failure to protect personally identifiable information.
    Cyber security experts agree on one thing wholeheartedly: the threat of cyber crime isn’t going anywhere anytime soon. According to information from Travelers Insurance, here are some trending cyber threats to be aware of:
    Ransomware – malware that is installed on a machine, allowing hackers to extort victims
    Vendors – even if your company is secure, many business partners may not be
    Negligent Employees – workers create liabilities accidentally or absent-mindedly
    Hackers – criminals who intentionally attack computers and servers
    Social Engineering – employees being tricked by targeted phishing campaigns
    It’s important to note that standard commercial general liability polices do not cover claims arising from these types of events. Sure, there are Cyber Liability policies designed to respond to certain cyber events, but these policies will be underwritten to ensure a contractor is doing everything they can to prevent data breaches. So what can contractors do to thwart off would-be cyber attacks before it’s too late? To begin, here are a few things every contractor should be doing:
    Train employees and communicate about cyber security. It is estimated that more than half of cyber fraud could be prevented through better education of end users.
    Utilize security software on company servers and devices. Anti-virus software provides real time protection and automatically receives the most current malware definitions.
    Ensure firewalls are utilized and updated regularly. Many cyber-related attacks occur because firewalls or anti-virus software is out of date.
    Encrypt mobile devices used to access the company’s network. All devices accessing network drives should be equipped with hardware and software data encryption.
    Secure all Wi-Fi networks. At the office and at jobsites, all wireless signals should be encrypted and secured with a password.
    Back up data regularly. Utilize a trusted cloud storage provider.
    When it comes to cyber security, there is no silver bullet. No matter how secure a company might be, there is no such thing as “100% secure” when it comes to cyber crime. However, if a contractor does nothing to prevent attacks, they are essentially leaving the door wide open to a growing world of criminals. When you take appropriate precautions, at least you can rest easy knowing you’re doing everything you can to protect what you’ve built.

Stan Gregory is a Safety and Risk Consultant and a leader on INSURICA’s Risk Management team. He has more than three decades of experience working with loss control,
safety planning, and risk management for
clients within the construction and energy
industries. He can be reached at 210-
805-5915 or sgregory@INSURICA.com.


Need a Reprint?


   
Author Info

Reesa Doebbler reesa@constructionnews.net