Are Hackers a Threat to My Design Firm?

Hackers make headlines daily with targets ranging from major Swiss banks to Minecraft users to German nuclear power plants. But what are the risks to architects and engineers?


Professional Liability carrier Victor O. Schinnerer urges design professionals to Take Cyber Liability Exposures Seriously in a recent blog post:

Cyber liability problems that have disrupted firm operations often are based on one of three vectors:

— insiders who are dissatisfied or recognize their ability to tap firm assets and use that access for harm or personal profit;

— past employees who either take digital assets with them or, to enact revenge against their former employers, corrupt firm systems and information; and

— hackers who know that confidential project data is vulnerable and hold digital information hostage until a ransom is paid.

Hackers Can Wreak Havoc on a Firm

Although internal threats cause many cyber liability breaches, a malicious outsider is one of the greatest fears of professional services firms. A hacker could cause data inaccessibility through alteration or destruction. A firm would lose intellectual property and no longer be able to meet contract objectives and deadlines. Attackers who gain access to a firm’s data can encrypt it using ransomware and extort payment to regain access to information. Firms that do not properly preserve digital assets through robust back-up systems often have no alternative but to pay the ransom.

Construction projects today are increasingly dependent on digital technology. The adoption of BIM and the increasing use of digital technologies in designing, constructing, and operating buildings and infrastructure are transforming the way the industry works. The concept of collaborative work through the sharing and use of detailed models and large amounts of digital information requires that parties be aware of vulnerability issues and take appropriate control measures. Improper access controls could lead to an attack severely disrupting progress on a project, causing delays or remedial work that could lead to significant claims from owners, lenders, or other stakeholders. And if confidential information on the structure or systems of projects is accessed by unauthorized parties, the safety of the owners and users of the buildings or infrastructure could be put at risk.

It is possible to insure against these vulnerabilities. Schinnerer’s Cyber Protection Package is one example of such coverage. Here are a few others:

Give your local a/e ProNet broker a call to discuss your options today.


They offer a bird’s eye view of construction sites. They provide breathtaking photographic opportunities for architects looking to showcase their work. And they’re fun to fly. However, while they may be intriguing tools for architects and engineers, drones open up the design firms that use them to many possibly unanticipated risks. These days, obtaining a drone is as simple as stopping at your local WalMart, but all drones are not created equal, nor are all drone pilots equally skilled and certified.

Victor O. Schinnerer’s Risk Management Blog recently offered an overview of this issue. Should your design firm use a drone in your administration of contracted services? Read on:

“Professional service firms have to be aware that the use of drones is not a simple transition in the process of observing the work on a project site. As with web cameras, drone cameras often produce far more images than are used in the evaluation of a project. If not properly denoted in a contract, the scope of the firm’s services could include the use of all the available images as part of the firm’s duty to observe and evaluate the project as part of construction contract administration duties.

“Additionally, while licensed drone operators are undoubtedly careful about having general liability insurance that protects others from their negligence in aerial activities, and follow the FAA’s rules and guidelines, many firms using drone photography are doing so as amateurs. Turning hobby activities into commercial uses is likely to be unlawful, dangerous, and uninsured.”

Continue reading Drone use can put firms at risk beyond their knowledge by Frank Musica

Design firms may not seem like prime targets for hackers, many of whom are after sensitive, personal information, etc., but this assumption can be dangerous for architects and engineers. Intellectual property must be kept secure, and the threat can come from outside hackers, as well as from employees.

As detailed in Schinnerer’s most recent issue of Constructive Comments, “(t)he Federal Trade Commission (FTC) has developed cyber security principles in its Start with Security: A Guide for Business. The publication’s guidance is based on the FTC’s data security settlements. Lessons from more than 50 FTC cases show how companies can improve their cyber security practices.”

The guide breaks the strategy down into the following ten steps:

 

1. Start with security.

2. Control access to data responsibly.

3. Require secure passwords and authentication.

4. Store sensitive personal information securely and protect it during transmission.

5. Segment your network and monitor who’s trying to get in and out.

6. Secure remote access to your network.

7. Apply sound security practices when developing new products.

8. Make sure your service providers implement reasonable security measures.

9. Put procedures in place to keep your security current and address vulnerabilities that may arise.

10. Secure paper, physical media, and devices.

Access the PDF version of Start with Security: A Guide for Business here.


The appropriate classification of employees is a frequent source of confusion for design firms, usually coming up around the renewal of a firm’s Workers’ Compensation policy. It is an issue rife with risk on an Employment Practices level. Recent court rulings in Arizona and Utah have resulted in construction firms paying hundreds of thousands of dollars in back wages, damages, and penalties.

As explained on the Schinnerer Risk Management Blog:

In an age of rising benefit costs and other constraints on the operations of professional service firms, some firms are turning to a range of tactics to reclassify workers to take them off the formal payroll and, therefore, lower their costs and administrative burdens. However, doing so may subject the employer to state and federal employment law fines and penalties.

All this is happening against the backdrop of a broader shifting of risk from employers to workers, who are shouldering an increasing share of responsibility for everything from health insurance premiums to retirement income to job security. While the future might present a model where everyone is truly an independent contractor and neither those actually providing services nor those using the services have any continuing or controlling interest in each other, such a situation does not currently exist and any firm that thinks it can avoid employment responsibilities, tax obligations, or employment practices liability needs to carefully consider alternatives to hiring workers.

Regulators and courts have increased their scrutiny of the relationship between business entities and independent contractors. Alleged misclassification of workers has been one of the primary battlegrounds of this shift, leading to high-profile lawsuits.

For decades, some professional service firms have shifted work from employees to independent contractors to cut their overhead and labor costs and, at times, to qualify for special government procurement assistance. Often, this has been accomplished by relabeling workers and slightly altering the conditions of their work. And some professional service firms have simply ignored regulatory and tax guidance and “informally” used the services of professionals and clerical workers as “consultants” or “leased personnel” or “temps.”

Now, however, businesses—including design firms and construction contractors—are turning to other kinds of employment relationships, such as setting up workers as owners of limited liability companies (LLCs) in an attempt to shield the businesses from tax and labor statutes. In response, some state and federal agencies are aggressively clamping down on such arrangements, passing local legislation, filing briefs in workers’ own lawsuits, and closely tracking the spread of what they see as questionable employment models.

Visit the Schinnerer Risk Management Blog to continue reading.

If you have questions about the appropriate classification of your employees prior to your next workers’ compensation renewal, contact your local a/e ProNet broker. We’re happy to help!

The NEW Schinnerer Risk Management Blog

Happy New Year, friends & followers of a/e ProNet! We thought we’d take a moment to congratulate our friends over at Victor O. Schinnerer–one of the leading Professional Liability insurance companies in the industry today–on the new, updated Schinnerer Risk Management Blog.


For a number of years, Schinnerer’s Risk Management Blog has been an excellent source of up-to-date industry news. Recent posts have included:

If you’re an Architect or an Engineer or a Design Consultant, whether or not your current professional liability insurance carrier is Victor O. Schinnerer, their blog is a great place to look for answers to your everyday questions about insurance, best practices, and, of course, risk management. These referenced posts are on the old blog, so be sure to check out the archive. We also encourage you to subscribe to the new WordPress blog if you find this info relevant to you and your business.

Make sure to contact your local a/e ProNet broker if you’re interested in obtaining a Professional Liability quote from Schinnerer. Have a great 2014!