In today's world, most information is digital, transferred electronically and stored in the cloud. A cyberattack could do great damage to your company and cybersecurity measures aimed at fending off, mitigating and responding to an attack, is something that all business owners need to be concerned about today.
Michael Denniston with Bradley Arant Boult Cummings, LLP, recently tackled the subject of "Cybersecurity in the Construction Industry" in his blog post at JDSupra Business Advisor (jdsupra.com). He warns that any business connected to the internet is at risk for a cyberattack, and contractors have a wide variety of information that is attractive to cyber-criminals, including employee information, construction data, company financial information, and more.
Cyberattacks are unpredictable and take many forms, ranging from email "phishing" schemes to sophisticated hacking or denial of service attacks. However, Denniston says planning for cybersecurity can mitigate the threat. Take these steps to stave off or stop the attack and guide the response:
- Establish Incident Response Plans. Prepare a plan for responding to an incident. The plan should address both stopping an ongoing attack, securing data from further breach, and notification procedures for personnel or partners whose data was compromised.
- Define Key Responders. The personnel tasked with responding to the attack must know their role and action steps. While identifying a team leader is essential, the leader needs to be able to rely on other previously identified personnel to assist.
- Establish Lines of Communication. In responding to a cyberattack and its aftermath, communication is key. Communication has both internal and external elements. Internally, employees and department heads must know when a situation needs to be escalated and to whom the report must be made for the best response. Externally, the company must establish lines of communication in the initial response when it identifies a breach (to network providers, outsourced IT personnel, banks, and law firms), and in follow-up response (to government regulators and affected internal or outside personnel).
- Ready and Train Employees. All employees should receive training, at the appropriate level, on how to respond and lines of communication. Internal IT personnel may receive detailed training about the latest cybersecurity measures and programs. Management may receive training from law firms and law enforcement about threats and legal remedies. All personnel should receive training on the “simple” points: password security, being wary of opening attachments to email from unknown or unlikely sources, and being able to spot a phishing email.
The first step is realizing your digital data is vulnerable, but having a plan in place and a team that understands it can go a long way in preparing for the possibility of an cyberattack. It may not prevent the attack, but it can help mitigate the damage.
For more information, visit jdsupra.com.
Thanks for reading!
![[VIDEO] Create a Time Card with Edifica Project Management Mobile App](https://img.forconstructionpros.com/files/base/acbm/fcp/image/2016/04/default.570e79f6888bd.png?auto=format%2Ccompress&fit=crop&h=167&q=70&w=250)
![[VIDEO] Scarifier Drum Setup: CPM8 4-in. Line Removal, Carbide Cutters](https://img.forconstructionpros.com/files/base/acbm/fcp/image/2016/04/default.5703c2adbaf64.png?auto=format%2Ccompress&fit=crop&h=167&q=70&w=250)
