Any business connected to the internet is at risk of a cyberattack. And it’s not just large companies. A report from Verizon says small businesses represent 85 percent of the targets of opportunity for data breaches.¹

Cyber criminals are everywhere, but studies say the most common cause of a data breach isn’t hacking. It’s lost or stolen portable devices such as phones, laptops, tablets and flash drives.²

All of them. Unauthorized users could exploit any of your data, whether it comes from a Building Information Modeling (BIM) system, telematic solution, project management software, CRM tool, or corporate financial or HR system. Your clients’ data—as well as your subcontractor’—may also be at risk if you share network access.

Some intruders want site plans, drawings, contract terms or bid information. Others could be after fleet data, customer records, financial statements or banking info. Identity thieves would love to get their hands on personal information about your employees—full names, social security numbers, bank account data, medical history. And some folks just want money. Using what’s called a ransom-ware virus, they capture your data and hold it hostage—effeciently locking you out of your systems until a ransom is paid.

The average cost of a date breach is $4 million according to a 2016 report from the Ponemon Institute, an independent research firm that studies information security. The average cost per lost or stolen card is $158.³

What’s Included in Those Costs?

The costs associated with a data breach vary according to th situation, but you can expect to spend money on things like:
• Internal investigation of th4e breach.
• IT experts hired to find and fix the issue
• Other professional serices (legal counsel, crisis communications, hotline support, free credit monitoring)
• Communications to employees, clients and others
• discounts or promotions to retain or attract customers

That depends. Many general commercial liability policies don’t cover cybercrime, so you may need extra protection. However, all cyber policies are not created equal, so your best bet is to work with a trusted provider who can tailor coverage to meet your needs.

Everyone in your company has accountability. It starts at the top with leaders who are willing to invest time and resources in developing a security strategy, administrative policies and written workplace procedures. All others in the organization need to be educated about your policies and trained to use specific processes that support your data security goals. Data security should be part of the ongoing conversation between employees and their supervisors and a component of the annual performance review process.

Start with the fundamentals. 

• Inventory the data. Know exactly what you have, where you store it and who has access to it.

• • Store data centrally—either on secure servers or in the cloud—but not on individual hard drives.
  
• • Invest in an enterprise-grade firewall and make sure security patch updates get done regularly.Use centrally managed anti-malware
     on all company devices, even personal devices that can access company networks.
  
• • Make sure all personal devices used to access company networks are equipped with data encryption, passwords or PIN locks.
  
• • Insist on rigorous password protection. Use a mix of numbers, letters and symbols. Change passwords every 90 days. Include lock-out
     provisions that freeze accounts after a certain number of incorrect log-in attempts.
   

Make sure all data is backed up on a regular schedule.

Start with your professional network. Ask friends and associates for referrals and recommendations. Look for someone with proven experience in the construction business. Inquire about advanced qualifications and certifications. Interview more than one candidate. Speak with references and read reviews on the internet. Before making your final choice, clarify expectations regarding time, scope, cost, personnel requirements, communication, training and other factors that are important to you.