Architecture and engineering firms are still learning how to cope with a growing cybersecurity threat. According to this year’s Global Application and Network Security Report from Radware, nearly half of all companies experienced a cyber ransomware attack in 2016. Vulnerability to loss of personal data, exposure of sensitive or proprietary information, etc., is also on the rise. Tim Corbett of SmartRisk LLC, a longtime affiliate of a/e ProNet, has recently analyzed the report findings. He writes that the gravest irony is that while “Employees are the first line of defense” against cyberattacks, they are also a company’s “greatest cyber security weakness.”

Employees’ personal habits regarding company data and digital interactions open doors for hackers, viruses, and the siphoning of information. If your employees aren’t aware of basic threats and/or best practices regarding cybersecurity, your firm is more likely to lose out. The costs of these attacks can be severe. They are also avoidable. SmartRisk’s post recommends regular and up-to-date cybersecurity trainings for your firm “[t]o obtain a broad understanding, and buy-in from the entire organization.”

Arm yourself with SmartRisk’s Checklist

According to SmartRisk, cybersecurity training should take place annually. Corbett offers a checklist for these trainings. Remember to include “all members of the organization, including senior management… so they are knowledgeable of recent trends, monitoring methods, and controls used to prevent the installation of malicious code on the organization’s computer systems.” He also recommends making cybersecurity training a standard protocol for new hires. It’s probably a good idea, as well, to encourage your IT department to be accessible for even basic questions on cybersecurity. Demystifying the response to the threat will empower your employees to be proactive in protecting the company’s interests.

October is Cybersecurity Awareness Month, so you can find a/e ProNet’s past posts on related issues here:

Federal Trade Commission Releases How-To Cybersecurity Guide (Oct 2016)

Cyber Security Awareness & Last Week’s DDOS Hack (Oct 2015)

As always, if you have further questions, please contact your a/e ProNet broker.

For the last few sunny days, a/e ProNet members from across the country have gathered in Scottsdale, Arizona for our annual Spring Meeting (March 1-3). a/e ProNet brokers are independent. Technically, we operate as competitors. Membership is by invitation only. We come together voluntarily as recognized leaders in our industry, meeting the insurance needs of architects and engineers. Our combined premium volume, experience, and national reach make our meetings an attractive target for insurance companies, premium finance companies, and other professionals. With our two annual meetings, we keep our fingers on the pulse of the insurance industry and advocate for our clients.

The Spring Meeting

The purpose of our Spring meeting has changed over the last three decades. Invited representatives from the companies and industries mentioned above present to the group on educational topics. This year, attorney David Ericksen of Severson & Werson in San Francisco also organized a series of five panel discussions:

  • Non-Traditional Project Delivery Methods
  • Cyber Communication Conundrums
  • The Prime/Sub Team: Roles, Responsibilities & Risks
  • Contract and Claims Connections
  • Material Transparency & Building Green

Ericksen staffed these panels with underwriters, claims adjusters, etc. from companies like Victor O. Schinnerer, AXIS, Hanover, RLI, Beazley, and several other a/e ProNet sponsors. The panel environment increases the awareness of each company regarding their competitors’ products and services. As well, it gives our members a quick, comprehensive understanding of the market’s overall perspective on these issues.

Are Hackers a Threat to My Design Firm?

Hackers make headlines daily with targets ranging from major Swiss banks to Minecraft users to German nuclear power plants. But what are the risks to architects and engineers?


Professional Liability carrier Victor O. Schinnerer urges design professionals to Take Cyber Liability Exposures Seriously in a recent blog post:

Cyber liability problems that have disrupted firm operations often are based on one of three vectors:

— insiders who are dissatisfied or recognize their ability to tap firm assets and use that access for harm or personal profit;

— past employees who either take digital assets with them or to enact revenge against their former employers corrupt firm systems and information; and

— hackers who know that confidential project data is vulnerable and hold digital information hostage until a ransom is paid.

Hackers Can Wreak Havoc on a Firm

Although internal threats cause many cyber liability breaches, a malicious outsider is one of the greatest fears of professional services firms. A hacker could cause data inaccessibility through alteration or destruction. A firm would lose intellectual property and no longer be able to meet contract objectives and deadlines. Attackers who gain access to a firm’s data can encrypt it using ransom-ware and extort payment to regain access to information. Firms that do not properly preserve digital assets through robust back-up systems often have no alternative but to pay the ransom.

Construction projects today are increasingly dependent on digital technology. The adoption of BIM and the increasing use of digital technologies in designing, constructing, and operating buildings and infrastructure are transforming the way the industry works. The concept of collaborative work through the sharing and use of detailed models and large amounts of digital information requires that parties be aware of vulnerability issues and take appropriate control measures. Improper access controls could lead to an attack severely disrupting progress on a project, causing delays or remedial work that could lead to significant claims from owners, lenders, or other stakeholders. And if confidential information on the structure or systems of projects is accessed by unauthorized parties, the safety of the owners and users of the buildings or infrastructure could be put at risk.

It is possible to insure against these vulnerabilities. Schinnerer’s Cyber Protection Package is one example of such coverage. Here are a few others:

Give your local a/e ProNet broker a call to discuss your options today.

Design firms may not seem like prime targets for hackers, many of whom are after sensitive, personal information, etc., but this assumption can be dangerous for architects and engineers. Intellectual property must be kept secure, and the threat can come from outside hackers, as well as from employees.

As detailed in Schinnerer’s most recent issue of Constructive Comments, “(t)he Federal Trade Commission (FTC) has developed cyber security principles in its Start with Security: A Guide for Business. The publication’s guidance is based on the FTC’s data security settlements. Lessons from more than 50 FTC cases show how companies can improve their cyber security practices.”

The guide breaks the strategy down into the following ten steps:

1. Start with security.

2. Control access to data responsibly.

3. Require secure passwords and authentication.

4. Store sensitive personal information securely and protect it during transmission.

5. Segment your network and monitor who’s trying to get in and out.

6. Secure remote access to your network.

7. Apply sound security practices when developing new products.

8. Make sure your service providers implement reasonable security measures.

9. Put procedures in place to keep your security current and address vulnerabilities that may arise.

10. Secure paper, physical media, and devices.

Access the PDF version of Start with Security: A Guide for Business here.