Episode 010: Cyber Security Threats and Protections
Today’s episode of the AEC Leadership Today podcast features J. Dale Crow. Dale is a Senior Vice President at Risk Strategies, and he is passionate about risk management for AEC and professional services firms.
When It Comes to Cyber Breach, It’s About ‘When’ Not ‘If’
Dale describes himself as a recovering attorney. He spent about a decade litigating professional liability claims against engineering and architectural firms. Now he uses his experience with these types of legal claims and matters at Risk Strategies, where he counsels AE firms in how to insure and manage risk.
“The unfortunate reality is that I don’t think anyone is immune. It’s not a matter of ‘if’ but of ‘when’ a cyber breach will occur.”
—J. Dale Crow
In this episode, we discuss:
- What are the cyber risks? There are two common types of cyber breaches, but there are many ways that these types of breaches happen. It can happen through a hack or an employee mistake. An outside actor may have planted ransomware or been monitoring your emails. There are even a few cases of employees acting as insiders in a cyber breach. It’s important to know what the risks are so you can prevent and prepare for them.
- Dale talks about how to manage and prevent Cyber Extortion and Social Engineering. Cyber Extortion is a kind of breach where an outside actor will contact you claiming to hold your data and ask for ransom in an attempt to get money from your firm. This really happens! Some actors may have your data, and some may not. The right incident response plan can help you know for sure – and help guide your next steps.
- Social Engineering happens when a completely normal-seeming email or other communication comes to you under someone else’s name, asking you to wire money as if it were just business as usual. Many times these attackers have been monitoring your emails and know how to make an email sound natural coming from a CFO or CEO. Dale talks about simple ways to avoid falling for this trick in our busy everyday lives.
- Why is insurance necessary? Dale talks about the difference between “cyber” insurance and professional liability insurance. What can the insurance company do for you in the case of a breach? How will they help counsel you and make sure you’re fulfilling your legal obligations to your clients? Knowing these things can help you mitigate your risk and save both time and money when a breach happens to your firm.
- You do have an obligation to your past and present clients and employees when you have a breach. No matter what the breach is, whether someone left a company laptop in a public place and it disappeared, or you had a very expansive data breach, you may have legal obligations to notify all parties that private data was exposed and provide them credit monitoring. This is why it is important to have legal assistance. Some states have specific guidelines, and furthermore, there are fines for failing to provide proper notice when you’ve experienced a breach of private information.
- Though companies that handle projects with sensitive, high-value target organizations might be at the greatest risk, all firms are experiencing breaches. No matter the size of your firm or what kind of projects it handles, it is at risk of a breach. In some cases, you might not even be the main target; you might just be a conduit to the main target, but you still experience a breach. This is why you need a plan for what your firm will do when it experiences a breach.
- Your employees can play a major role in protecting against breaches. Many firms are experiencing a better rate of success against breaches when they properly train and test their employees and systems. You can lower your risk of a breach through tabletop exercises, spoof emails that test which employees would open and hover over a link from an external email, or even penetration testing through outside consultations. It just makes sense to properly train your employees to recognize a dangerous situation, but it’s also your duty to protect.
“This is happening to all types of firms. Everyone is grappling with this, and you just have to be proactive about it and work on having a solid response plan.”
—J. Dale Crow
Though parts of this subject may sound scary, I’m happy Dale came to talk to us about cyber risk and security. There’s a lot of information in this episode that we should really talk about more than we do. This is also an episode to share with all key employees.
About J. Dale Crow, JD
Dale Crow is a leader in the Professional Services Group of Risk Strategies. Dale specializes in risk management solutions for architectural and engineering firms.
Prior to joining Risk Strategies, Dale practiced law with Lewis, Thomason, King, Krieg & Waldrop, P.C. He has substantial litigation experience in the areas of architects and engineers professional liability, construction defects, and construction contract law. Dale draws on this experience in counseling his clients in risk management protocols, contract review, and the placement of a comprehensive insurance program.
He also regularly presents risk management seminars for local, state, and national associations, as well as for individual clients.
Thanks for listening to the AEC Leadership Today Podcast!
I sincerely hope you enjoyed today’s episode. Be sure to contact Dale if you want to talk about making a plan for cyber breaches or are just curious about any other risks. And, if you like what you heard, please leave a review on iTunes and share the podcast with a friend. See you in the next episode!
How to help out
Please leave a review on iTunes, Spotify and Stitcher. They really help, so thank you.
About the Host
Peter C. Atherton, P.E. is an AEC industry insider having spent more than 20 years as a successful professional civil engineer, principal, major owner, and member of the board of directors for high-achieving firms. Pete is now the President and Founder of ActionsProve, LLC, author of Reversing Burnout. How to Immediately Engage Top Talent and Grow! A Blueprint for Professionals and Business Owners, and the creator of the I.M.P.A.C.T. process. Pete works with AEC firms and leaders to grow and advance their success through modern and new era focused strategic planning and implementation, executive coaching, leadership and management development, performance-based employee engagement, and corporate impact design.