

Cybersecurity for design firms works for everyone

May 10, 2022
By Brett Stewart, J.D.
Manager, Loss Prevention Education, Design Professional
At a fraught time, many are warning of cyberattacks on U.S. businesses, utilities, internet networks, and more. With that in mind, architectural and engineering firms, as well as every other type of business, can take several steps today to help keep their design work, data, and finances secure and functional.
Assess your risk
The first step toward improving your cybersecurity is identifying your risks and vulnerabilities. While there are myriad paid resources out there, here are a couple of free self-assessment tools you can use. If you decide to go with a paid service, completing these free assessments may give you a head start in your work with a vendor.
The Federal Communications Commission offers a free online tool to help you begin. After you choose the areas you want to assess (e.g., network security, mobile devices), the tool automatically generates a plan that includes action items to identify vulnerabilities and manage your risk. It also includes a helpful glossary of IT and cybersecurity terms along with a list of additional resources.
The Department of Homeland Security offers a similar tool to help you assess your level of operational resilience within 10 areas, from asset management to situational awareness. After answering a series of questions, you’ll receive a report showing you where your resilience is high and where there are gaps, along with best practices for closing them.
Establish and enforce cybersecurity policies and procedures
You can’t expect employees to follow safe cyber practices if they don’t have a policy to guide them. If you don’t have such a policy, start writing one now and make sure everyone becomes familiar with it. If you already have a written policy, review and update it, then redistribute it to everyone.
Educate and train
No matter how strong and secure a system you have, it can be breached through the careless actions of employees. Educate your staff on the consequences of security breaches and train them in prevention. Also, make sure these practices are part of every new employee’s onboarding. Gwenn Cujdik, Manager, AXA XL North America Cyber Incident Response Team, adds, “Train all employees on these practices and procedures on a frequent and continual basis. Management should review policies and procedures just as frequently to ensure they’re up to date and in line with industry best practices.”
Say no to viruses
Install the best anti-virus software you can afford on all your computers and set the application to automatically check for and install updates. Institute a strict rule against installing unauthorized applications. However, don’t rely on anti-virus software alone; consider supplementing these tools with endpoint detection and response tools, which provide a more comprehensive layer of protection. In addition to alerting you to virus/malware activity, these tools will notify you of attempts to install applications or software.
Lock your cybergates
Install a firewall in your IT system and encrypt all the information you create, share, send, and receive. Configure your Wi-Fi network to hide your network’s name, known as its service set identifier, or SSID. Cujdik adds, “Ensure there are no open ports that are internet accessible—bad actors are constantly scanning networks to leverage open ports.”
Require strong passwords
No more writing simple passwords on sticky notes attached to computer screens! Require all employees to create strong passwords, store hard copies of them safely, and change them regularly.
Use multifactor authentication (MFA)
Multifactor authentication, which requires a user to verify their identity by presenting two or more forms of ID, is an absolute must for every firm. Access to email, management accounts, backups, and all other critical information should be permitted only through multifactor authentication.
Protect mobile and remote devices
Take appropriate steps to protect laptops, phones, tablets, watches, and any other type of device that stores your firm’s data, from emails and Slack content to designs and proposals. For example, require complex passwords and MFA to log in, and ensure the information and data these devices (particularly laptops) contain are encrypted. Require employees, whether working from home after hours or permanently, to secure their networks.
Don’t lose it
You’d think this would no longer need stating, but sadly it does: back up all your data! Numerous software offerings can help you back up your data on a customized schedule. Also, establish a schedule for backing up your backups and store all backups in locations separate from your network, preferably in the cloud, protected by MFA.
Secure your money
If you pay or receive payments electronically, ask your banks about the practices and systems they use to secure your assets. If you’re not satisfied, then switch. The transition will require effort, but not as much as if you were to lose a significant amount. Cujdik recommends working with your bank to establish a callback procedure to verify account information and any changes to banking information. Your employees, such as those in accounting or accounts payable, should also have a callback procedure to ensure they only wire payments to legitimate bank accounts. These callback procedures will not only help prevent wire fraud, but they’ll also prevent social engineering, in which a vendor’s email is hijacked and the imposter requests changes to account information.
Prepare to respond
If you do experience a cyber breach and/or data loss, immediately put your response plan into action. Don’t have one? Begin formulating one today and conduct drills to test your plan before finalizing. Cujdik recommends contacting your insurance carrier to understand its claims processes and procedures. “For example, AXA XL offers our new or renewing policyholders an onboarding program,” she says, “during which our cyber specialist and others describe our pre-incident services and explain what to do in the event of an actual or suspected cyber incident, to prepare our insureds to prevent and respond to cyber events.”
Review your insurance policies
Don’t wait until disaster strikes to review your policies. Work with your broker to understand what your policies cover and where there might be coverage gaps. If you don’t already have a cyber insurance policy, speak with your broker about how AXA XL’s Cyber Risk Connect product can help protect your firm.