Comprehensive Cyber Crime Checklist for Architects, Engineers & Contractors

Comprehensive Cyber Crime Checklist for Architects, Engineers and Contractors

The list of cyberthreats continue to grow at an alarming rate – more than 1 million new variations of computer viruses or other malicious software per day, according to Symantec’s annual Internet Security Threat Report.

Male hands typing on a laptop, aerial view

You may not think your architectural, engineering or contracting firm is at risk, but that is simply not the case. Customer information, intellectual property and your firm’s financial information are all at risk. Your firm could experience damage to your reputation, business interruption or construction delays, and lawsuits by affected clients.

Here are four steps to keep your systems safe:

  1. 1. Confirm you have the necessary insurance coverage.

    • Be sure your business liability insurance policy includes coverage for breaches of corporate confidential information.
    • Purchase a policy that affirmatively covers funds stolen from your customers’ bank accounts.
    • Make sure your policy has a limit of at least $2 million in the aggregate for privacy breach costs.
  2. 2. Secure your systems.

    • Open-access Wi-Fi networks (those without passwords) are prime targets for cyber-crime. Make sure your network is password-protected.
    • When logging into email or other secure sites, make sure the URL starts with https://. This indicates a secure site. A site that starts with http:// — (without the “s”) is not secure.
    • Always be cautious about who might be looking over your shoulder when you’re working with sensitive content in public places. It’s always good to shield your login screen and other sensitive information.
    • Don’t leave your laptop, tablet or phone unattended where someone can take it and all the data it contains.
    • Disable the automatic check-in feature of your phone. This feature can reveal personal habits and sensitive information.
    • Never provide access to secure areas in your building to anyone without proper credentials.
    • Lock your computer when you leave your office, desk or workstation.
    • When you’re sending confidential information, encrypt it before you email it. Then email the encryption password in a separate message. This is safer than uploading it to a password-protected cloud-sharing app, or mailing a CD.
    • When possible, use a corporate VPN to establish remote connections to business systems.
    • Make sure your firewalls are regularly updated with the latest security patches.
  3. 3. Protect yourself from email scams.

    • Always verify the authenticity of unsolicited email. Company logos are easily to copy, so don’t assume a logo means an email is from the company it purports to be from. If you think the message is legitimate, go to the company’s website and log in from there.
    • Reputable companies generally don’t use public email services like Gmail and Yahoo, so emails from these domains should be carefully scrutinized.
    • Beware of requests to supply or “verify” account numbers or sensitive information.
  4. 4. Take security precautions with you on the go.

    • Four-digit PINs are relatively easy to break, especially if they are birthdays or anniversaries. Use a six-digit PIN instead. Fingerprint trails can reveal swipe patterns, so use a complex swipe pattern and clean your screen regularly. Alphanumeric passwords and fingerprint IDs are more secure.
    • Back up your device to a computer or cloud service. Use encrypted backup options for added security.
    • Consider an app that deletes contents from your device if it is ever lost or stolen.
    • Turn off your camera’s geotagging function because it gives scammers information about your location.
    • Be careful when connecting to Bluetooth with your mobile device as you may be giving those nearby access to your device when you connect.

For additional information, see: Top Ways to Mitigate Your Business Risks from Cyber Threats.

About the author

dan_gmelinDan Gmelin is senior vice president of underwriting and head of Architects & Engineers and Miscellaneous Professional Liability at Argo Pro. Gmelin previously served as senior vice president and A&E product head at Hiscox Insurance Company. He was one of the first employees at Hiscox and helped build the company from the ground up. Before joining Hiscox, he was a senior underwriter at Professional Indemnity Agency. He also previously served as a financial adviser with CIBC Oppenheimer’s High Net Worth Private Client Group. Gmelin graduated from the University at Albany, SUNY. 

About Argo Pro

Argo Pro, a member of Argo Group, is a leading provider of professional lines insurance products and services that can accommodate medium and large organizations on an admitted and non-admitted basis. Through a single operating platform and a robust network of appointed wholesale and retail distribution partners, Argo Pro offers a broad, customizable portfolio of errors and omissions and management liability insurance solutions. Argo Pro maintains offices in Chicago, New York City, San Francisco, Scottsdale and Hamilton Township (New Jersey).