controlled environment rather than during a live event.
In addition, regulators and consumers are increasingly
expecting that companies conduct cyber-exercises as an
information security best practice.
»
Third-Party Vendor Management:
A major cyber-incident
will inevitably trigger a need for external assistance (e.g.,
outside counsel, forensic firms, credit monitoring services,
etc.). Just as the time to test incident response procedures
is not during an actual incident, companies likewise will not
want to deal with establishing third-party relationships in
the midst of a cyberattack. Companies should make these
arrangements in advance so that these parties are ready to
respond if and when the time comes for their assistance.
As discussed, there is no such thing as perfect security, and
the construction industry equally is not immune from a
cyberattack. Thus, it is imperative that companies begin to
prepare for a cyber-event before an incident actually occurs to
ensure a streamlined and coordinated response process and
minimize the subsequent aftermath.
While the above principles serve as a baseline for cybersecurity
preparedness, a sound information security and incident
response program requires skilled, intensive attention and
analysis. Holland & Knight’s Construction Industry Practice
Group as well as our Data Privacy and Security Team have the
combined experience to assist companies with cybersecurity
incident preparedness, including reviews and analyses of
policies and procedures, conducting cyber-exercises, and
providing vendormanagement services. For further information
regarding these services, please contact the authors of
this article.
n
Companies should begin to prepare for a cyber-event
before an incident actually occurs to ensure a streamlined
and coordinated response process and minimize the
subsequent aftermath. Best practices include creating
incident response policies and communication protocols,
conducting cyber-exercises and employee training to
practice scenarios, and designating third-party vendors
to assist in the event of an cyberattack.
Building Washington 21
LEGAL REVIEW
