1. Evolving Tech World Brings New Risks to Construction Industry
As construction contractors expand their roles in project design and deploy digital technology for
everything from project modeling to daily operations, credit professionals in the industry should
keep a close watch on the risks posed by potential hacks and other compromises of digital security.
Much of the data involved in construction projects, from design plans and management work to the
storage of confidential customer data, is at risk for hacking or digital blackmail as businesses move
to store more of this valuable information in-house or with a cloud provider, according to a recent
report by insurance firm Chubb. These risks can bring steep costs—the average cost of a data
breach increased by 23% in the last two years to $3.8 million.
“Hackers have reportedly shown interest in building designs in recent years, and sophisticated
malware that targets computer-aided design programs has been identified,” Chubb authors Diana
Eichfeld and Matthew Prevost wrote. Cyber crime is most likely encountered in email phishing and
other attacks designed to take advantage of human error. The hackers commit fraud or gain access
to login credentials that can lead them to more sensitive information. Still more risks arise from
contracts that use a cloud service provider or from loss of control over data being transferred,
network outages that tie up projects and regulatory compliance issues. “As contractors continue to
adopt new onsite mobile technologies, such as tablets and smart phones, they should recognize
that the loss or theft of even one device can represent a serious security breach,” the Chubb
analysts noted.
Sam Smith, regional finance manager at Crescent Electric Supply Company in East Dubuque, IA, said
many small and medium-sized companies are moving to store more information on the cloud.
Although he believes that the information is safe most of the time, companies still have to take the
necessary steps to protect against potential breaches.
Personal guarantees, for instance, can contain sensitive information like social security numbers. If
hackers access that information, it could cause a host of issues for a credit professional, he noted.
In such a case, he does not usually email the information to the people doing the personal
guarantee for him; rather, he either hand-delivers or faxes the information. In some cases, he sends
the information in separate faxes so hackers won’t be able to connect a name with a social security
number.
“I have to treat that information like it’s mine and how I would want my information to be treated,”
Smith said.
Chubb suggests broadly applying three cyber-security strategies to meet these risks:
“confidentiality, availability and integrity of information on in-house corporate or cloud networks.”
To that end, Chubb advises keeping sensitive project information available only to people who must
use it and ranking data by sensitivity. Also, ensure the credit team knows the necessary procedures
for keeping information secure.
- Nicholas Stern, NACM editorial associate
Page 1 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html

2. Page 2 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html

3. Page 3 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html

4. Page 4 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html

5. Page 5 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html

6. Page 6 of 6The National Association of Credit Management: eNews
5/25/2016http://nacm.org/enews.html