Many contractors believe that they have little exposure to cyber-crime if they don’t take credit cards or store credit card data. Unfortunately, hackers have many ways to profit from your information once they’ve gained access to your computer system.
Why contractors need to be concerned
It’s not just large financial institutions or retailers that get hacked. In fact, Verizon’s “Data Breach Investigation Report” states that 85% of targets are small businesses. There are a number of reasons hackers may want to gain access to your systems, including:
- Access to Personal Information. While contractors may not have as much personally identifiable information (PII) as a retailer or financial institution, construction firms still have employee information that could include social security numbers, bank accounts for payroll, as well as healthcare information.
- Access to proprietary corporate assets including privileged contracts, project/bid data, architectural designs (including security designs), and intellectual property. Hackers may also target information regarding a construction organization’s bank and other financial accounts via social engineering and phishing schemes, and then attempt to entice an employee to unwittingly transfer corporate funds/assets.
- Access to personal information on other organization’s servers. One of the most prominent examples of this is the Target breach in which the initial intrusion was traced back to credentials stolen from an HVAC contractor.
- Extortion (Ransomware). Ransomware is typically introduced as an attachment or link associated with a seemingly harmless e-mail message. The intent is to breach a corporation’s systems spreading malware and encrypting corporate data. The company is then forced to pay a ransom in order to recover/unlock any data that has not been backed up. See what happened recently to Rockville’s Hard Times Café.
Once a breach or hijacking occurs, the inevitable costs due to business interruption, state regulatory actions, fines and penalties, notification requirements, ongoing credit monitoring, defense of claims by individuals or corporations for allowing access to their information, and public relations responses can be too much for a business to bear. Your cyber risk management plan should include strong network security, a response plan in case an attack on your system occurs, and a comprehensive Cyber Liability policy in place to cover your losses. A Cyber Liability policy won’t prevent an attack, but when one does occur you’ll have the expertise and funds to implement a swift response.
About the Author: Laura Flowers has been a licensed agent since 2003, a Certified Insurance Counselor since 2007 and is currently working towards the Certified Risk Manager designation. Laura has been with Marsh & McLennan Agency, known locally as Insurance Associates Company since 2006 and works as both Underwriter and Account Manager specializing in mid-size construction and auto service and repair risks. In her free time Laura enjoys training in Thai kickboxing/Personal Defense, skiing and going on long bike rides with her daughter.