(971) 645-4292

Data Security For Contractors: How To Plan And Prepare

June 21, 2022

Cecilia De La Rosa

Cecilia De La Rosa

Construction projects are rife with risks, and contractors know how to identify and mitigate those risks. However, the risk of cyber-attacks is often overlooked by contractors. The industry has traditionally been slow in adopting technology, but the pandemic has accelerated the need for connectivity and data sharing technology. With this increased reliance on technology and the internet, construction companies are more vulnerable to cyber-attacks. The 2022 Verizon Data Breach Investigations Report reviewed over 23,000 incidents and 5,200 confirmed breaches from around the world. Overall, ransomware attacks increased by 13%, making up 25% of data breaches. Among all incidents, 82% involved the human element, which takes advantage of human laziness and fallibility. When it comes to targeting companies, very small businesses (those with 10 or fewer employees) are at particular risk. The number one attack against very small businesses in 2022 was ransomware. The second most popular attack was use of stolen credentials, such as usernames and passwords. Very small businesses are more vulnerable because of their limited resources and the fact that they cannot rely on trained staff to prevent attacks. In order to respond to and address cyber security, contractors need to develop a cyber security plan. The plan should identify a company’s response team, including contact information, identify critical business continuity and workplace safety issues, assign roles and responsibilities if an attack should occur, and outline training and practice methodologies. Once developed, the plan should be printed out on paper, as it may not be available electronically if computers are down or compromised.

How to develop a data security plan

Now let’s go over the key steps to developing a data security plan.

1. Identify your response team

Companies should identify both their internal and external data security response team members. Internal company team members may include employees representing management, IT, and human resources. External members may include legal counsel, investigators, vendors, and public relations or marketing companies. These team members will work together to make critical decisions that affect the success of the response and the future of the business. Because valuable time can be lost trying to identify and work with response team members, it’s beneficial to identify them ahead of time and engage third parties as needed.

2. Identify critical business continuity and workplace safety issues

The response team works together to anticipate which processes and safety issues could be jeopardized by a cyber-attack. As much as possible, the team should also develop contingency plans to maintain operations while they are investigating and mitigating the damages.

3. Purchase cyber security insurance

Insurance coverage is available for cyber-attacks. It covers damages for all forms of attack, including ransomware. Contact your business insurance agent to get a quote and coverage details. Once a policy is in place, the first step in your response plan should be to notify the insurance company. They may have additional resources to help you mitigate damages and investigate the incident.

4. Assign roles and responsibilities

The next step is to assign roles and responsibilities to internal and external team members. Plan steps may include investigation, coordination with law enforcement, customer and vendor notification, compliance review, and reevaluation of the plan based on lessons learned.

5. Train all employees

Gather team members together and simulate a data breach incident and run through the response plan. This will give members valuable experience working together and going through the process of investigation and mitigation. The plan should be evaluated, and changes made if needed.

5 Tips for avoiding data breaches

In addition to creating a response plan, there are a few things you can do to prevent an incident from happening.

1. Locate your data

Find out where your company data, such as employee data, customer data, and proprietary data, is stored. Knowing the exact location of data within your system may reduce the number of customers or vendors you need to notify if a breach occurs.

2. Update software and hardware

Use only the latest in hardware and software and keep them updated. As new technology and information becomes available, you will want to stay ahead. By staying current, you reduce risk.

3. Use encryption and VPNs

Data encryption is a best practice within the cyber security industry, but it isn’t enough to protect your company data. Virtual private networks (VPNs) protect privacy online. They use encrypted data and hidden IP addresses to keep your data and connection safe.

4. Monitor your network

Companies should monitor their networks at all times, so they know whether it has been infiltrated or attacked.

5. Use wire transfers safely

Construction payments often involve large sums of money being transferred between accounts through wire transfers. To ensure the safety of the account information traded in these transactions, all wire transfer information should be confirmed via phone or in person conversation. A wire transfer requested by email should not be sent without verification.

Data security is important for all contractors, especially as more data is now stored electronically. Creating a data security response plan and following best practices will help contractors protect themselves from cyber-attacks.

Recent Post

Amputations are severe yet preventable injuries in construction, often caused by unguarded machinery and improper tool use. Adhering to OSHA regulations, maintaining equipment, and implementing comprehensive safety programs are crucial steps to minimize these risks and ensure worker safety.
Construction heat safety is vital due to the risk of workplace fatalities and severe OSHA penalties for non-compliance. Employers must implement comprehensive heat safety programs, including worker acclimatization, hydration, and monitoring for heat stress, to ensure a safe working environment and avoid legal repercussions.
The National Safety Stand-Down addresses fall-related hazards, the leading cause of construction fatalities, and helps companies avoid severe OSHA penalties. By participating, firms can enhance fall prevention practices, such as using guardrails, personal fall arrest systems, and conducting regular safety training to ensure a safe and compliant work environment.