Cybersecurity — Broadening the Scope – 8/20/20

Aug 20, 2020

Nathan Owens, Partner – Newmeyer Dillion
Jeffrey M. Dennis, Head of Privacy & Data Security – Practice Group (partner)

LAS VEGAS and NEWPORT BEACH, CA – Construction companies are being targeted by a growing number of cyber threats. Beefing up cybersecurity and knowing the relevant privacy compliance requirements can save money and prevent a lot of headaches.

According to Newmeyer Dillion attorneys, Nathan Owens (partner) and Jeffrey M. Dennis, head of Privacy & Data Security Practice Group (partner), most contractors are not aware of the severity of the problem. “A lot of threats continue to be social engineering and ransomware,” explains Owens. “Those are not new concepts, but they have evolved over the last five to ten years in terms of their sophistication and their targets. Employees who are not adequately trained to spot and avoid falling for any number of tricks that the bad guys may put out there.”

Stealing intellectual property via malware/Trojan horses is another real threat that refuses to go away. “A huge percentage of exposures and breaches come from employees just doing ill advised things,” Dennis says. “It’s not even the bad actors. Its employees not following company protocol, or perhaps the company doesn’t have a protocol on how to deal with emails.”

Owens, Dennis, and three other panelists will discuss these and other cybersecurity issues during an educational session at Construction Super Conference entitled, How Will State-by-State Cybersecurity Laws Impact Your Next Project?

Specifically, panelists will cover recently enacted and pending state privacy laws, and examine the impact on construction companies in the context of the industry’s cyber threat landscape. They will be joined by an expert in proactive cyber threat denial operations who specializes in medium-size and enterprise companies (pending confirmation). They will also explore the protocol and training procedures that companies should implement to ensure compliance with new privacy legislation.

Upon completion of this seminar:
• Attendees will understand of the data privacy landscape and how current and imminent legislation impacts;
• Attendees will learn about the biggest cyber threats and where their biggest vulnerabilities lie, to better understand how they may be held liable or un-compliant under new privacy legislation; and
• Attendees will receive a checklist of policies and procedures to ensure that all employees are in compliance with legislation.

Dennis and Owens have seen the misery first-hand, particularly in situations where an email account is compromised in so-called man-in-the-middle attacks. “It’s basically wire transfer fraud,” Owens says. “I actually have a couple of these that are going hot and heavy right now where we’re a third party will somehow infiltrate email communication and send fake payment instructions to the contractor from the subcontractor. We saw it in the mortgage business where at closing time home buyers were sending deposits, and transferring large sums of money, to fake accounts that were never seen again. Now it’s playing out in the construction industry.”

The stakes are high with often severe consequences. “The statistic that blows me away is that for small businesses that suffer a significant cyber breach, about 60% of them close their doors within six months of that breach,” Dennis adds. “This is a very dangerous area because this is the kind of thing that can really put contractors out of business.”