Business Continuity in Construction: Prepare for Challenges and Cyberthreats

  • Preventing Cybercrime
  • 11/4/2021
Team meeting in conference room

Key insights

  • Accessibility to service providers can make or break a business.
  • Widespread use of modern technology means many buildings are vulnerable to cybercrime.
  • Prepare against the unexpected by formalizing service relationships, obtaining adequate insurance, and keeping your business continuity plan current.

Need help bringing your continuity plan up to date?

Talk to an Advisor

Conducting business with a handshake in the Boston area may seem quaint and charming, harkening back to a time when life seemed simpler. However, with what we have learned from extreme weather conditions and the continuing COVID-19 pandemic, life is anything but simple. We should expect the unexpected — and be prepared for it.

Consider your dependence on service providers

Start by reviewing the service level agreements (SLAs) between your business and the critical providers who keep your business running. Whether you are the head of a commercial real estate firm or construction company, or a property manager who owns office space — your continued success depends on the efforts of those who provide services.

Devastation from hurricanes proved that a business with a days-long power interruption can be brought to its knees. Maybe your business could survive for two or three days without power. But what if it goes beyond that?

It isn’t just the lack of electricity; generators can usually compensate for that. But what if roads are impassible and fuel for the generators can’t be delivered? What about other service providers? Do you have a third party administrating your information technology systems, payroll, or benefits? What about cleaning services? Your risk increases as you add providers — each third party has events that could halt its operations and subsequently impact yours.

Technology is not guaranteed

In a broader sense, so much of what we do is “smart living.” Many buildings are now controlled by the Internet of Things. That includes elevators, HVAC, lights — virtually all components that make a building run smoothly. These same smart conveniences could be vulnerable to cyberattack, and a hack into a corporation’s infrastructure is an immediate threat to business continuity.

Consider if an unattended parking garage or parking lot had its’ infrastructure hacked, and neither the gates nor the auto-pay system worked for hours, leaving cars and motorists unable to pay and exit. Or, if an HVAC system was hacked and a building is left without heat or air conditioning. A hacked elevator operating system could leave people stranded inside the elevators or unable to ride between floors. Any of these incidents could lead to lawsuits, negative publicity, and damage to both reputation and business continuity.

Preparation is key

We can’t prevent bad things from happening, but we can take steps to prepare. Every business owner and commercial (and residential) property management company should consider the following.

Formalize your relationships

Are your SLAs up to date and do they protect your interests? Perhaps you’ve heard someone say, “I’ve got a guy” to fix HVAC, deliver fuel, or plow the parking lots. We can be lulled into a precarious false sense of security that “our guy” will always be there to fix what goes wrong. And business deals based on a handshake are fine — unless there is a crisis and a huge demand for services.

If your vendor is overwhelmed by multiple requests, he or she may have the best of intentions to help, but unless you have it in writing, you may be out of luck. Your solopreneur oil delivery person or internet guru may be out on multiple calls and you may not be at the top of the list; if not, you are losing money.

So first, formalize your relationships. Write an SLA that protects you and your systems, and have your attorney review it. Conduct the necessary due diligence on your providers to make sure they have the bandwidth to handle you as a top priority.

Review your insurance coverage

Do you have the insurance coverage you need to get your business back to normal as soon as possible? There are several areas of insurance worth reviewing: disaster, damage, and especially cyber liability. Are you covered for all cybercrime contingencies? Does your policy account for shutdowns? Are you covered for ransomware? Does your organization engage its employees in the types of cybersecurity training required by many insurance companies?

Property management companies that own buildings with multiple floors should consider cyber coverage for each floor. The building’s tenants should also obtain their own coverage. Discuss your cyber coverage with legal counsel and your business advisor.

Have a plan for business continuity

Is your business continuity plan up to date and relevant? In addition to SLAs and insurance, how are the other essentials of business continuity covered? Is your business in a position to survive for longer than three to five days under unusual circumstances? Your business advisor can steer you toward the financial steps and other actions you can take to help protect your organization from risk and unforeseen threats.

How we can help

Business relationships and insurance policies can be difficult to navigate. CLA construction professionals can help owners and leaders identify the information they need to make good business decisions and plan for long-term financial success.

Experience the CLA Promise