Major cyber security breaches are constantly in the news, inviting waves of anxiety among, well, everyone. It’s not just big political players, media companies, and financial giants that are threatened—AEC firms need to watch out too.
Hackers have turned their attention to professional services firms in recent years, looking for vulnerabilities in a business’s IT infrastructure in an attempt to swipe confidential and valuable information.
While AEC firms may not have the vast quantity of financial information that certain other types of businesses do, the confidential and sensitive information your firm has can be just as damaging to your clients if it gets into the wrong hands.
That said, don’t start panicking. There are a number of measures you can take to make sure that you, your employees, and your clients stay safe. Here are three suggestions.
1. Explain to employees what they can do to help.
When a new, confidential document arrives at your firm via email, your employees are the first individuals to touch it. It’s your responsibility to ensure that they know what to do to keep this information safe.
A project management and accounting platform such as BQE Core, which includes a secure document management system, makes it easy to store new and existing documents. The software you use for financial and other sensitive information should encrypt data in transit with TLS (Transport Layer Security) and sit behind multiple layers of security controls, including firewalls, intrusion protection systems, and network segregation.
Organize an all-day seminar where you can demonstrate to your employees how to use your software and explain the importance of keeping your clients’ information safe.
2. Get help from your IT department.
You’re an expert in the AEC industry, but you might not have a strong background in computers and information technology.
Whether you’re a multi-state engineering practice or a single-office architecture firm, finding and retaining quality information technology services is vital to keeping your business safe.
Whether you have someone in-house or you hire a consultant or contractor, this is one service not to skimp on when it comes to cost. Look for IT professionals who respond quickly to service requests and are proactive about keeping your firm up to date with the latest technology.
3. Tell your clients how you’re protecting their information.
Your clients aren’t just trusting your firm to deliver on one or more projects that will cost thousands and thousands of dollars. They’re also looking to you to keep sensitive and confidential documents under lock and key.
If your IT security is compromised, you may be forced by law to inform your clients that a breach took place and explain what you’re doing to fix the situation. Some—or many—of your clients may eventually choose to take their business elsewhere.
To preempt such a scenario, consider sending your clients a short, personalized letter once a year that details what your firm is doing to prevent cyber-attacks from occurring. If a breach does occur, then there’s a better chance that they’ll sympathize with—instead of blame—your firm. They may understand you did everything you could to prevent the breach from occurring.
As the frequency of cyber-attacks continues to increase, don’t leave any stone unturned when thinking of possible ways to protect your firm and your clients’ data. It’s crucial to communicate. Get your employees and IT resources on the same team, and keep your clients in the loop about updates you make to your cyber security system.