The 2021 Data Breach Outlook Study by Kroll, a risk consulting firm, shows the number of data breaches in the construction industry increased 800% from 2019 to 2020, according to www.forconstructionpros.com.
In recent years, the increase of new technologies and connections on job sites has made companies vulnerable to cyberattacks. At least 43% of those surveyed for the study said they believed they were ill-prepared for a breach.
Brian Lapidus, global practice leader for Kroll’s Identity Theft and Breach Notification practice, provides the following tips to help contractors keep their businesses safe.
- Have a cyber expert and an attorney on file so you know who to call when a problem arises.
- Practice your company’s response to a cyber threat the way schoolchildren and some businesses practice fire drills. For example, training exercises can include how to react to suspicious emails.
- Renew training periodically to improve employee response to potential threats.
- Before a cyber breach occurs, be sure you know where your company’s data—employee data, customer data, security data, proprietary data—is kept.
- Ensure someone on your team stays current regarding cybersecurity threats and technology.
- Encrypting data is a best practice within the cybersecurity industry, but it is not enough to protect a company. Lapidus recommends using a virtual private network as an additional layer of security.
- Monitor your networks to ensure all entry points are protected. It also helps inform a company about whether the network has been infiltrated by a cyber intruder.
- When contractors pay subcontractors and vendors, large amounts of money exchange hands. Your company needs to be sure those wire transfers are secure and safe from cyber threats; for example, you can provide wire instructions and then force a phone call for a password or specific digits.
- Appoint someone at your company to oversee cybersecurity information and make decisions.
- If your company experiences a cybersecurity breach, it is important to communicate with and protect employees from any potential risk. Be cognizant of the effects a breach of data would have on your employees.