COMMON CENTS CONSTRUCTION
Even Contractors Are a Target:
The Reality of Cyber Crime
By Bo Mocherniak
Gone are the days when larger, more lucrative businesses were the primary target of cyberattacks. Today—as an increasing number of construction companies rely on the Internet of Things (IoT), sophisticated project software solutions and remotely-accessible systems to compete in a technologically-advanced marketplace—hackers now have their sights set on small- to medium-sized businesses as well.
This is largely due to the fact that limited IT budgets—combined with the frequently-held misconception that it’s possible to be too small to be attacked—prevent many mid-sized construction companies from investing in cybersecurity systems at all. As a result, their digital intellectual property, proprietary assets, architectural drawings and specifications, and corporate banking information are ripe for the taking—by virtually anyone.
Even the most primitive hackers can access employee and client information—such as full names, Social Insurance Numbers (SINs) and bank account data—from an unprotected database. In addition, smaller contractors and subcontractors are an excellent way to gain access to the networks of larger organizations. Given the amount of personal information home builders collect about buyers, they are also a target for hackers interested in gaining access to client networks.
The longer it takes a business to detect an attack, the more damage it can cause—both from a reputational and financial perspective. And given how rapidly technology is evolving—and how stealthy cyber criminals are becoming—speed of detection, rather than prevention, is now the name of the cybersecurity game.
If you’ve been debating whether a stronger cyber defence system is worth the investment, consider these three facts:
1 Complex reporting requirements mean you have more valuable data on hand.
Between the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (Bill 198), Personal Information Protection and Electronic Documents Act (PIPEDA), and new regulations surrounding foreign homebuyers, builders and contractors are now required to keep track of a plethora of client information—information that could be incredibly valuable to cyber hackers.
To prevent it from getting into the wrong hands, it’s essential to have clear policies in place. Not only does this involve understanding what information is being held—even temporarily—but it must also include implementing a proactive plan for managing and protecting access to that information.
2 The world is becoming increasingly digital.
Project management software has come a long way, leading to greater efficiencies across the board, including better tracking of project profitability. To prevent hackers from gaining access to this information—including project pricing—it’s essential to protect both physical and electronic forms of information and prepare for realistic information-breach incidents that could have an impact on your business, such as a lost laptop or compromised web application.
3 Home building and renovation jobs are getting more complex.
Very rarely does a real estate project involve one company or contractor. For this reason, it’s not only essential to ensure your IT infrastructure is secure, but your contractors and subcontractors as well. Implementing policies and procedures that clearly outline the cybersecurity responsibilities of your third-party relationships—and taking steps to only partner with companies that abide by them—will greatly strengthen cybersecurity across your entire project.
Today’s cyberattacks have been known to cause long-lasting damage—including financial losses, slashed credit scores, reputational damage, increased insurance premiums, lost business and the list goes on. Attacks occur at an alarming frequency, and they don’t discriminate. Every business—regardless of size or industry—is a potential target.
Fortunately, cybersecurity solutions are evolving as well, allowing organizations to remain two steps ahead of today’s intelligent cyber criminals while simultaneously leveraging the power of technology to achieve their business objectives. By putting in place some simple policies, and enhancing your communications with your suppliers and subcontractors, you can help limit the exposure. The key, however, is to take a proactive stance, rather than waiting until it is too late.
Bo Mocherniak is the national industry leader of the construction, real estate and hospitality practice at Grant Thornton LLP. He also sits on the Grant Thornton International real estate sector group, providing his insight on market trends within the industry. He can be reached at email@example.com.
2017 Autumn issue on-line: