It’s Time for Home Builders to Get Serious about Cyber Security

Filed in Committees and Councils, Legal, Technology by on July 23, 2018 0 Comments

The infamous 2013 Target cyber attack, which saw credit and debit card information from 40 million consumers exposed, began when hackers gained access to the Target payment system through an HVAC contractor.

With nearly every aspect of the home building industry moving online and most information stored in digital formats, it’s time for every home builder to seriously assess their cyber security and potential exposure to liability.

Home builders store and electronically share a trove of personal and financial data on clients, potential clients, vendors, suppliers, partners and more. Some of this data includes payment information. And most business-critical information – like building plans and proposals – is also kept in a digital format.

So it’s little wonder why a residential construction business might be a target for cyber criminals.

“It really is not a matter of if, but when,” said Kristen Hilton, CIPP/US, an attorney with Sussman Shank LLP in Oregon. “And, of course, how much it will cost.”

Loss of trade secrets, loss of reputation and even elicit bank account access are certainly huge concerns in a cyberattack. But the liability associated with exposing others’ personal and sensitive information to intrusions is where the real risk lies.

“There are many state privacy law implications to storing information containing personal and financial data,” said Hilton. “If that data were to be exposed, there could be legal and civil liability.”

Hilton notes that construction companies, like most other businesses, have numerous points of entry for malicious hackers. “Many people connect their company laptops and tablets to public Wi-Fi,” she noted. “That could be a vulnerability.”

The first line of defense is strong digital information training for all employees, not just those that operate computers and other connected devices. All employees should be aware of phishing and other social engineering techniques that are popular with cyber criminals.

Home builders must also conduct an audit of their information security practices. This includes identifying where important data is stored and how it is accessed – for example, are important files kept on a cloud server? What is the security like on that server? – and developing an incident response and business continuity plan in the event of an intrusion.

Vendors and suppliers should also attest to their security measures and be prepared to provide documentation.

Business owners also should consider cyber insurance coverage. If a breach or digital theft occurs, the policy can cover some or all of a company’s losses. And many policies for small businesses are affordable at around $200 per month.

For more information on cyber security in home building, come to the 2018 Midyear Board of Directors Meeting in Portland, Ore., this week. Hilton will be presenting to the Construction Liability, Risk Management and Building Materials Committee on Friday, July 27.

For more information on construction liability, contact David Jaffe at 202-266-8317.

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *