Construction SuperConference 2019

S18 Cyber Security and Data Privacy Risk Management in the Construction Industry: Understanding the Danger that You Cannot See (Room Palos Verdes 2)

The use of IT systems, networks and technology resources (phones, tablets, computers) is commonplace across the construction industry. General contractors, construction managers, subcontractors, owners and developers use these devices for continuous and ongoing communication. Naturally, these resources are employed to connect with others outside an organization, such as vendors, consultants and lawyers—virtually everyone involved in the U.S. and around the world. However, as nearly everyone across the industry increases their use of and connections to the internet, and enjoys integration through the broader "Internet of Things" (IoT), there are significant causes for concern. Potentially damaging intruders (often within an organization) are looking to use your systems and/or the information contained within them for financial gain or other nefarious purposes. Several recent reports suggest that construction industry participants maintain the overarching view that bad actors, be they "black hat hackers", third parties or current/past employees, have little, if any, interest in hacking their systems. This dangerous assumption, that they have nothing of value to these individuals or groups, results in significant corporate and public exposure. This panel will debunk that myth through the following risk management topics: why the wide range of information on a contractor's systems is indeed valuable to hackers, from the personal and financial information of the employees and subcontractors, to government classified plans and specifications, and everything in between.
The panel will discuss: ways in which hackers effectively breach contractors' systems (including Denial-of-Service attacks, malware, ransomware, password breaches and phishing attacks) and their potential activities once they breach the contractors' firewalls; legal, ethical and practical responsibilities for contractors (and their counsel) engaged in public and private projects, including the duty to disclose a breach/potential breach of their systems; effective risk management strategies and tools contractors can employ to combat hacking and stop bad actors before a breach occurs; and the strategic use of cyber insurance to protect against the wide-ranging financial implications and other crises related to a technology-related breach. This panel program will be moderated by the Chair of Peckar & Abramson's Data Privacy and Cyber Security practice, a cyber security forensic analyst, a broker specializing in cyber insurance and the Chief Information Officer of a leading contractor.

Upon completion of this session, participants will be able to:
  • Understand the dangers of an unsecured IT system.
  • Understand the additional cyber security risks and stringent security and risk management obligations imposed upon all construction contractors performing work for the Federal Government.
  • Understand risk management strategies that construction contractors can put in place to better manage the ever-present risk of a cyber-attack/breach of their IT systems, including the use of cyber insurance and indemnity and flow-down clauses.  
  • Understand recent state and ABA Ethics Opinions (especially ABA Formal Opinion 483), which are beginning to impose a duty upon all construction lawyers (both outside and in-house counsel) to safeguard their clients' data from a cyber-attack and to notify their clients of any breach related to such data.