Understanding the Risk
Many architectural firms mistakenly believe they’re immune to cyberattacks because they don’t consider their data “sensitive” enough. However, cybercriminals are deliberate and efficient, targeting any organization that uses the internet—even for basic tasks like email or sharing designs. The AIA and Fairoaks IT recommend following at least the below guidelines to stay safe.
Key Recommendations
- Defensible Security Strategy:
- Develop a framework that includes governance, policies, infrastructure, people, and relationships.
- Prepare a validated, auditable narrative to answer the question: “How does your firm manage cyber risk?”
- Risk Transfer via Cyber Insurance:
- Consider cyber insurance to mitigate financial losses in case of an incident.
- Understand coverage options and tailor them to your firm’s needs.
- Multifactor Authentication (MFA):
- Implement MFA to enhance login security.
- Require additional verification beyond passwords.
- Third-Party Risk Management:
- Assess the security practices of vendors and partners.
- Ensure they meet your standards to prevent vulnerabilities.
- Get help from a trusted IT partner:
- Ensure they have experience supporting other architect and design firms
- Make sure they can provide both cybersecurity and general IT help services
Common Threats
- Business Email Compromise (BEC):
- A major threat affecting anyone with an email account.
- Cybercriminals manipulate emails to deceive recipients into transferring funds or sensitive information.
- Ransomware Attacks:
- Every business is a target, especially those with lax security.
- Regularly back up critical data and educate employees on phishing risks.
Conclusion
Architectural firms are valuable targets for cyber attackers. Understanding the risks and implementing robust security measures is an ongoing goal. Download the full report by the AIA Trust for detailed insights.
Remember, your data matters—protect it vigilantly! If you need any help, feel free to reach out to Fairoaks IT.
