6B — August 28 - September 10, 2020 — Architects/Engineers — Owners, Developers & Managers — M id A tlantic Real Estate Journal



rchitects and engi - neers contractually and fiercely protect By Michelle A. Schaap, Chiesa Shahinian & Giantomasi PC Cybersecurity and data protection should not be an afterthought for design professionals A

copyright to its work. If these and other deliver- ables are so valued, then should not the systems and third party providers used to generate and circulate these documents be similarly vetted and secured? While we have all read the headlines about nation-state sponsored cyber-attacks and firms faced with threats of a dark web leak if a ransomwent unpaid, statistics still seem to indicate that those within the firm – whether malicious or simply negligent – remain the source of more than half of data compromises for design firms. With a remote staff or poorly

secured personal devices, the likelihood of inadvertent com- promises increases this risk substantially. According the Ponemon In- stitute, the average cost of a data breach in the construc- tion industry (in which the Institute includes architectural and engineering firms) is $5.2 million. Further, average time for industry players to detect a breach is 220 days, and then an average of an additional 82 days is spent by these im- pacted entities to contain the breach. When you consider the financial cost, the time spent to detect, recover and resume op-

erations, and the reputational harm (not only in the eyes of your customers, but your own personnel, too), a successful attack can cripple a small to midsize design firm. For those companies that think it cannot happen to them, according to ESI Thoughtlab, the average estimated prob- ability of a successful breach for organizations in the U.S. is 45%. That is a sobering figure for any industry. If the potential success rate and impact of an attack is not enough to get your attention, consider the fact that you may not even qualify as a bidder

for many projects if you cannot demonstrate that your com- pany has a robust cybersecurity program in place. This is true for U.S. Department of Defense projects, public utility projects, and many other public sector bid requirements. Private in- dustry is also increasingly man- dating that vendors respond to comprehensive questionnaires focusing on cybersecurity and data protection measures be- fore a firm is even considered for work. So… if your instruments of service are worth protecting contractually, then those in- struments of service should be protected from compromises through technology, too. Re- member the basics: • Have written policies and robust system procedures • Train personnel • Restrict access to those who have a need to know • Use multifactor authenti - cation • Wherever possible, encrypt data at rest and in motion • Use secure portals to share files with third parties • Revoke access credentials when no longer needed • Vet third party vendors (software, cloud providers and even the cleaning service) • Undertake annual risk as - sessments • Patch systems • Have an incident response plan (not stored on your com- puter) Being proactive will protect those instruments of service that you and your clients value most. Michelle Schaap is amem- ber at Chiesa Shahinian & Giantomasi PC. MAREJ KING OF PRUSSIA, PA — Herbert, Rowland&Grubic, Inc. (HRG) assists a growing portfolio of water and sewer systems in Southeastern PA, and the firm will now be ex - panding its focus to the region’s commercial and industrial development market. Area ex- ecutive Joe Mongeluzi will lead this strategy as the newly hired assistant vice president in HRG’s King of Prussia office. Mongeluzi has more than 30 years of experience as a pro- fessional engineer, primarily focused on commercial and resi- dential site development. MAREJ HRG hires Mongeluzi as assistant VP

the owner - ship of their “instruments of service. ” The Ameri- can Institute of Architects’ (“AIA”) suite of documents provides for

Michelle Schaap

strict limits on the license granted to owners and their contractors in the use of an architect’s work product and, in all cases, makes it clear that the architect still owns the

Made with FlippingBook - Online catalogs