Technology has expanded the way we work. We can now share data instantaneously, which both improves our productivity and expands the challenges we deal with daily.
With the steady progression of the Internet of Things (IoT) and other technologies, job practices such as virtual design and the virtual sharing of plans are becoming the norm. As construction companies increasingly incorporate and rely on new technology, job site risks are expanding.
This means there are risks that can’t be seen at the physical location — such as cyber risks — which is why the term borderless job site should start to resonate with contractors.
With these new challenges, it’s more important than ever for risk managers to broaden their thinking around risks that could impact a job site and develop a plan that protects both its physical and digital presence.
Where has technology infiltrated your jobsite? That is what contractors need to think about when investigating potential cyber risks.
Virtual design and project mapping is allowing more collaboration in a faster way. Using technology, partners can conveniently work together from any location on the design elements for a project long before construction begins. However, because information is stored digitally, it can be vulnerable to hackers.
“To help contractors protect sensitive information, we suggest limiting the number of employees and partners who can access the material, making sure passwords are strong and secure, implementing a multitier sign-on process and establishing a backup kept at a different location that tracks changes to documents,” Bob Kreuzer, vice president, risk control at Travelers Insurance says
Many job sites and buildings also have technology that enables off-site users to turn on lights, control temperatures and utilize water sensors and alarm systems. This can pose potential threats as well.
“During the construction phase, there are many people coming in and out of the site, which could create an opportunity for tampering (for example, disabling smoke alarms or heating systems),” Kreuzer says. “These technologies may also be vulnerable to hacking after completion of a project. Helping owners understand these risks and what protective mechanisms have been installed is an important component of turning over a project to the owner.”
Threats from Wearable Tech
When used properly, wearable technology can help improve the quality of work and the safety of employees on construction sites, but if a company is investigating in wearable technology, there are additional risks to consider.
“We are starting to see contractors test different types of devices like smart glasses or proximity sensors,” Kreuzer says. “Before using any of these new wearable tools, it’s important to train everyone who may be using them so they understand how these tools work, how they can benefit them and how to avoid problems that can arise while they are in use.
“In some cases, there might be a less experienced employee on-site wearing this technology and doing the work with a more experienced person in an office watching remotely and providing recommendations and instructions. While this is certainly convenient, the person in the office isn’t experiencing the tasks with all senses, which might make giving advice or direction riskier.
“And like with other forms of technology we’ve mentioned, wearable devices can also be vulnerable to hacking or malfunctions. We are working with our construction customers to test a variety of wearable devices, and with that work, we hope to not only identify wearable devices that can reduce the risk of injury but also better understand the settings where they could have the greatest impact on safety.
While all of the potential risks associated with using wearables on the job site are still largely unknown, they could involve risk of a cyber-attack, creating a false sense of security leading to bodily injury or the technology may not be able to sustain certain construction environment challenges.
“In regards to cyber risks, if information is not properly secured and a breach occurs, sensitive information may be in jeopardy,” Kreuzer adds. “It is important to keep virtually stored information safe and protected. It’s also a good idea for businesses to make sure they are working with someone that has cyber expertise to help implement other controls as well.”
Preventing a Breach
It is clear there are many risks associated with technology, so how can a construction contractor counteract these potential risks? Business decision-makers need a strong understanding of what their cyber risks are and how they can be managed. This will allow them to communicate dangers with employees and fully integrate the company and its employees in behaviors that help limit risks. Every company is different, but members of a business’s leadership team are typically involved in creating these steps.
It’s a good idea to involve IT in the decision-making on how to help protect the company and in planning business strategies to protect from potential cyber-attacks, but do not leave decision-making solely to them.
“Knowing what steps to follow after a breach is crucial and can help minimize the damage, Tim Francis, enterprise cyber lead at Travelers Insurance says. “Having a plan in place before an incident occurs, and updating that plan as needed, is key. However, that plan won’t be any good if employees aren’t aware of the risks and informed of safety protocols, so educating them is just as critical.”
Creating the proper safeguards — such as the use of firewalls, antivirus technology and intrusion detection systems — can help prevent an attack from happening, but breaches can occur even with preventive measures in place. Companies would benefit from also having systems in place in the event something does happen. This can include insurance policies to manage financial risks and a crisis communications plan for internal and external parties.
While technology can be a great thing, it also has the potential to be detrimental to a construction business. Maybe now is a good time to talk to an insurance agent, an insurance company or someone who offers risk management services about your company’s potential exposures and how to best address them.