Of the many disruptions taking place last year in the construction industry, technological challenges have proved significant – both in cost and how they’re impacting businesses of all sizes.
While many view information technology concerns as simply that – IT issues – they’re in fact much more and are affecting small and mid-size businesses as well as larger companies. IT security, as well as IT continuity, are not “an IT thing”, but rather an essential business risk discussion. Generally speaking, creating safe technology environments for construction companies is a vital aspect of growing a business in the online world.
It’s important to be as technologically prepared as possible for a crisis, to best weather the storm, and so you can remain strong and sustainable well into the future.
The Costs Are Real
First, let’s consider the high costs of network downtime. Last year, downtime cost U.S. businesses nearly $26.5 billion in lost revenue. That’s a scary number, but it’s hard to really apply it to your construction business, right? Luckily, researchers have dialed in the microscope a little bit more.
The average small to medium-sized business loses an average of $42,000 each hour of downtime. Another study found the cost to be closer to $5,600 a minute. You may wonder how much downtime do you really see in a year? But even average downtime hovers around 87 hours a year, with average instances lasting in the range of 200 minutes each time.
Small Businesses Are Prime Targets
Aging equipment and unpatched devices, lack of IT support (unless something breaks), and not making IT a priority – all are among the reasons small businesses are prime targets for cybersecurity attacks. Many small businesses also just don’t believe cyberattacks will happen to them – their data isn’t that valuable, after all, they may reason.
Hackers, however, are more concerned with getting access, and seeing if there may be something of value, than necessarily targeting specific organizations.
Educating employees on cybersecurity and their role in helping ensure safe technology environments for construction companies may not be as high of a priority as it should be. This in turn can lead to unintentional breaches and cybersecurity attacks.
Recovery And Planning Ahead
During these turbulent times, many organizations have focused on disaster recovery, which is the process of rebuilding an operation or infrastructure after a disaster passes. The ideal situation, given we know disasters can happen at any time, is to focus on business continuity planning, which is the process of ensuring your critical business functions can react and recover from a business disruption with minimal impact on your business.
One sobering statistic to consider: 40% – 60% of businesses disrupted by a disaster, that don’t have a plan, never re-open.
What You Can Do
At a minimum, follow these steps:
- Create an acceptable use policy for your organization and team members.
- Follow password best practices.
- Establish user awareness training.
- Keep up with IT best practices, especially practices of backing up your IT and having backup off-site as well (in case a disaster strikes on-site).
Strategies For Mitigating Risk
To mitigate risk, utilize these strategies:
- Avoidance. Avoiding risk is a common mitigation strategy. An example: removing email sync from BYOD mobile devices.
- Reduction or Control. Use mitigating controls to reduce the probability of occurrence or the severity of the consequences of unwanted risk. An example: installation of a UPS system to maintain connectivity during a power outage or requiring DNS security for all devices, including laptops.
- Transference. This strategy is to shift the burden of the risk consequence to another party, i.e. liability or cybersecurity insurance.
- Acceptance. An example of this is choosing not to impose Internet access restrictions. The most common scenarios for this are when the cost is a factor, or the client doesn’t believe or understand the risk and impact on their business.
Have The Risk Conversation – And Own It
Ultimately, the responsibility for effective risk management lies with organizational management. Accordingly, the challenge for risk management is to handle and summarize the numerous individual incidents of risk associated with running an IT system (referred to as operation risk) in such a way that the organization’s management team can make effective decisions regarding risk control.
Brian Young, a Rehmann principal, has been working in technology for over 23 years, helping clients make strategic and effective IT decisions. He has developed extensive knowledge in sales, cloud solutions, cybersecurity, managed IT services, system design and architecture, and professional IT services. Brian helps organizations leverage technology to protect their business – in many instances he has played a significant role in creating disaster recovery and business continuity plans.