Major cyber security breaches are constantly in the news, inviting waves of anxiety among, well, everyone. It’s not just big political players, media companies, and online giants that are threatened—AEC firms need to watch out too.
Would-be cyber attackers have turned their attention to professional services firms in recent years, looking for vulnerabilities in a business’s IT infrastructure in an attempt to swipe confidential and valuable information. Accounting firms, with a treasure trove of financial data and Social Security numbers, have recently been the most targeted type of professional services firm.
While AEC firms may not have the vast quantity of financial information that accounting firms do, the confidential and sensitive information that architecture, engineering and construction firms do possess can be just as damaging to your clients if it gets into the wrong hands.
That said, don’t start panicking. There are a number of precautions you can take to make sure that you, your employees, and your clients stay safe. Here are three suggestions.
Explain to employees what they can do to help
When a new, confidential document arrives at your firm via e-mail, your workers are the first individuals to touch it. It’s your responsibility to ensure that your employees know what to do to keep this information safe.
A software program such as BQE’s ArchiOffice, which also features a document management system, can make it easy to organize and file new and existing documents. An encrypted portal is also a necessity when emailing clients sensitive information.
Organize an all-day seminar where you can demonstrate to your employees how to use your document management software and explain the importance of keeping your clients’ information safe.
Help from your IT department
You’re an expert in the AEC industry, not computers and information technology.
Whether you’re a multi-state engineering practice or a single-office architecture firm, finding and retaining quality information technology services is vital to keeping your business safe from cyber invaders.
This is one outsourced service to not skimp on in terms of pricing. Look for an IT firm that is quick when responding to service requests and is proactive about keeping your firm up-to-date with the latest IT technology.
Let clients know how you’re protecting their information
Your clients aren’t just trusting your firm to deliver on one or more projects that will cost thousands and thousands of dollars. Your clients are also trusting your firm to keep sensitive and confidential documents under the proverbial lock and key.
If your IT security is compromised, you may be forced by law to inform your clients that a breach took place and explain what you’re doing to fix the situation. Some – or many – of your clients may eventually choose to take their business elsewhere.
To be pre-emptive, consider sending your clients a short, personalized letter once a year that details what your firm is doing to prevent a cyber attack from occurring. If a breach does occur, your clients may sympathize with, instead of blame, your firm. They may understand you did everything you could to prevent the breach from occurring.
As the number and frequency of cyber attacks continues to increase, don’t leave any stone unturned when thinking of possible ways to protect your firm – and your client’s data. Get your employees and IT resources on the same team, and keep your clients in-the-know of every update you make to your cyber security system.