Guide to Computer Encryption for Small Business

Encryption is a difficult concept to grasp, but it’s a necessary part of protecting your business’s sensitive data. At a basic level, encryption is the process of scrambling text into an unreadable form (called ciphertext) so that unauthorized users cannot read it. You can encrypt individual files, folders, volumes or entire disks within a computer, as well as USB flash drives and files stored in the cloud.

Why is encryption important?

The purpose of file and disk encryption is to protect data stored on a computer or network storage system. All organizations, including small to midsize businesses (SMBs), that collect personally identifiable information (PII) like names, birth dates, Social Security numbers, financial information and the like, must secure that information. An organization can be sued if a computer containing PII is stolen and the information is leaked or shared.

According to Joe Siegrist, vice president and general manager of LogMeIn’s LastPass password management software, encrypting your entire hard drive is good business practice.

“Laptops are frequently lost or stolen, so SMBs should take steps in advance to protect the data on them to prevent them from being a data breach risk,” Siegrist said. “To keep data safe from prying eyes, install a full disk encryption tool on employee computers and laptops.”

If a laptop is lost or stolen and the files or disk isn’t encrypted, a thief can easily steal the information. He or she doesn’t even need to know the sign-on password to access the files – it’s easy to boot a computer from a USB thumb drive and then access the disks within the computer.

That being said, disk encryption doesn’t protect a computer entirely. A hacker can still access the computer over an insecure network connection, or a user can click a malicious link in an email and infect the computer with malware that steals usernames and passwords. Those types of attacks require additional security controls, like anti-malware software, firewalls, awareness training and so on. However, encrypting a computer’s files or the entire disk greatly reduces the risk of data theft.

Types of computer encryption

Individual file and folder encryption does just that — it encrypts only specific items that you tell it to. This method is acceptable if relatively few business documents are stored on a computer, and it’s better than no encryption at all.

One step up is volume encryption, which creates a container of sorts that’s fully encrypted. All files and folders created in or saved to that container are encrypted.

Full-disk or whole-disk encryption is the most complete form of computer encryption. It’s transparent to users and doesn’t require them to save files to a special place on the disk – all files, folders and volumes are encrypted.

With full-disk encryption, you must provide an encryption passcode or have the computer read an encryption key (a random string of letters and numbers) from a USB device, when powering on your computer. This action “unlocks” the files so you can use them normally.

Strong encryption is built into modern versions of the Windows and OS X operating systems, and is available for some Linux distributions as well.

Microsoft BitLocker is a disk encryption tool that’s included in Windows 7 (Enterprise and Ultimate) and the Pro and Enterprise editions of Windows 8.1 and Windows 10. It’s designed to work with a Trusted Platform Module (TPM) chip in your computer, which stores your disk encryption key. It’s possible to enable BitLocker even without the chip, but a few settings must be configured within the operating system, which require administrative privileges.

To enable BitLocker, open Windows Explorer or File Explorer and right-click on Drive C:. If your version of Windows supports BitLocker, the menu will display a “Turn on BitLocker” option, which you can click to enable the program.

When you enable BitLocker, Microsoft prompts you to save a copy of your recovery key. This is an important step because you need the recovery key to unlock your disk. Without the key, neither you nor anyone else can access the data. You can save the key to your Microsoft account, save it to a file or print it. BitLocker also lets you require a PIN at startup.
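To confirm that a machine ended up in the state described above (fully encrypted, protection on, a recovery key saved, a startup PIN set), the status report of Windows' built-in manage-bde tool can be checked by script. The following is an added example, not part of the original guide; the sample reports are constructed, the finding names are hypothetical, and treating a missing startup PIN as a finding is an assumed policy.

```python
import subprocess

# Constructed samples modelled on `manage-bde -status C:` output (English
# locale, one volume). They are not captured from a real machine.
SAMPLE_OK = """\
Volume C: [OSDisk]
[OS Volume]

    Size:                 237.87 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Key Protectors:
        TPM And PIN
        Numerical Password
"""

SAMPLE_WEAK = """\
Volume C: [OSDisk]
[OS Volume]

    Size:                 237.87 GB
    BitLocker Version:    2.0
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 41.3%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Key Protectors:
        TPM
"""


def parse_status(text):
    """Return (fields, key_protectors) for a single-volume status report."""
    fields, protectors, in_protectors = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_protectors:
            # Every line after "Key Protectors:" names one protector.
            if line.lower() != "none found":
                protectors.append(line)
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Key Protectors":
            in_protectors = True
        else:
            fields[key.strip()] = value.strip()
    return fields, protectors


def audit(text):
    """Return a list of findings; an empty list means the volume passes."""
    fields, protectors = parse_status(text)
    findings = []
    try:
        raw = fields.get("Percentage Encrypted", "0")
        percent = float(raw.rstrip("%").replace(",", "."))
    except ValueError:
        percent = 0.0
    if percent < 100.0:
        findings.append("not-fully-encrypted")
    if fields.get("Protection Status") != "Protection On":
        findings.append("protection-off")      # also catches suspended protection
    if "Numerical Password" not in protectors:
        findings.append("no-recovery-password")  # the 48-digit recovery key
    if not any("PIN" in p.upper().split() for p in protectors):
        findings.append("no-startup-pin")      # assumed policy: PIN required
    return findings


def status_from_machine(drive="C:"):
    """Run manage-bde on Windows from an elevated prompt and return its text."""
    result = subprocess.run(["manage-bde", "-status", drive],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, audit(sample) or "no findings")
```

On a real laptop, pass `status_from_machine()` to `audit()` instead of the samples; the parser assumes English-language output for one volume.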

Apple FileVault provides encryption for computers running Mac OS X. When enabling encryption, FileVault prompts you to store the disk encryption recovery key in your iCloud account, but you can choose to write it down instead.

For Linux, you typically encrypt the disk during installation of the operating system, using a tool such as dm-crypt. However, third-party tools are also available for post-installation encryption.

Third-party encryption programs

TrueCrypt used to be one of the most popular open-source disk encryption software programs, but its developers stopped maintaining it in 2014. Security experts are still torn over whether it’s safe to use. To be on the safe side, stick with a product that’s regularly tested and updated. The following are a few well-regarded open-source products:

  • VeraCrypt: Free software that runs in Windows, Mac OS X and Linux. Frequently gets the highest ratings from users and third-party testers.
  • DiskCryptor: Geared for new and old versions of Microsoft Windows. Can encrypt partitions and entire disks.
  • Gpg4win: Uses military-grade security to encrypt and digitally sign files and emails.

Be careful about the Yahoo hack if you use it for small business

Yahoo has confirmed that it was the target of what may be the largest cyberattack of all time. The breach took place back in 2014 and compromised the data of an unprecedented 500 million users.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

For small businesses, this means it’s not just sensitive business data that’s been stolen. Because the cyberattack has given hackers and their associates access to entire Yahoo accounts, customers’ private information — such as that stored in emails and linked accounts — is also at risk.

The only bright side, however, is that the breach did not include financial information, such as credit card numbers or bank accounts, the company added.

Yahoo believes that the cybersecurity breach was “state-sponsored” — a hacker working for a government — and is working closely with law enforcement officials in their investigation. In the meantime, the company is taking action to protect users, such as informing them of the attack and prompting them to change their passwords and security questions (previous security questions have been invalidated to prevent unauthorized access to accounts).

Users should also change their passwords and security questions for other online accounts and never use the same credentials to log in to multiple accounts. For small business users, this could be anything from e-commerce, bank, marketing, social media and other related accounts.

Yahoo also recommends that users set up a free Yahoo Account Key. This service eliminates the need for passwords. After activating a key, users will need just their username to log in. Yahoo will then send a phone notification to approve access.

In addition, small business users should stay vigilant about monitoring their accounts. Yahoo advises users to review any suspicious activities, be cautious of any emails or websites asking for personal information and not click on links or download attachments from unknown senders.


Digital strategy for insurances

The nature of competition in property and casualty (P&C) insurance is shifting as new entrants, changing consumer behaviors, and technological innovations threaten to disrupt established business models. Though the traditional insurance business model has proved remarkably resilient, digital has the power to reshape this industry as it has many others. Innovations from mobile banking to video and audio streaming to e-books have upended value chains and redistributed value pools in industries as diverse as financial services, travel, film, music, and publishing. As new opportunities emerge, those insurers that evolve fast enough to keep up with them will gain enormous value; the laggards will fall further behind. To succeed in this new landscape, insurers need to take a structured approach to digital strategy, capabilities, culture, talent, organization, and their transformation road map.

Though the P&C insurance business has long been insulated against disruption thanks to regulation, product complexity, in-force books, intermediated distribution networks, and large capital requirements, this is changing. Sources of disruption are emerging across the value chain to reshape:

  • Products. Semiautonomous and autonomous vehicles from Google, Tesla, Volvo, and other companies are altering the nature of auto insurance; connected homes could transform home insurance; new risks such as cybersecurity and drones will create demand for new forms of coverage; and Uber, Airbnb, and other leaders in the sharing economy are changing the underlying need for insurance.
  • Marketing. Evolving consumer behavior is threatening traditional growth levers such as TV advertising and necessitating a shift to personalized mobile and online channels.
  • Pricing. The combination of rich customer data, telematics, and enhanced computing power is opening the door to usage- and behavior-based pricing that could reduce barriers to entry for attackers that lack the loss experience formerly needed for accurate pricing.
  • Distribution. New consumer behaviors and entrants are threatening traditional distribution channels. Policyholders increasingly demand digital-first distribution models in personal and small commercial lines, while aggregators continue to pilot direct-to-consumer insurance sales. Armed with venture capital, start-ups like Lemonade—which raised $13 million in seed funding from well-known investors including Sequoia Capital—are exploring peer-to-peer insurance models.
  • Service. Consumers expect personalized, self-directed interactions with companies via any device at any hour, much as they do with online retail leaders like Amazon.
  • Claims. Automation, analytics, and consumer preferences are transforming claims processes, enabling insurers to improve fraud detection, cut loss-adjustment costs, and eliminate many human interactions. Connected technologies could allow policyholders and even smart cars and networked homes to diagnose their own problems and report incidents. Self-service claims reporting such as “estimate by photo” can create fast, seamless customer experiences. Drones can be used to assess damage quickly, safely, and cheaply after catastrophes.

 


All these disruptions are being driven and enabled by digital advances, as Exhibit 1 illustrates with examples from auto insurance. No single competitor or innovation poses a threat across the entire value chain, but taken together, they could lead to the proverbial death by a thousand cuts: many small disruptions combining to fell a giant.

Know more about the business asset

Any type of revenue loss or reputational damage is worth preventing. Protecting your business against such losses means securing your employees, customers, building, equipment, and revenue-related assets.

When people think of security breaches and theft, they often imagine complex technology theft or armed robbery. But although businesses should employ the proper measures to prevent major security incidents, the reality is that those types of instances are rare. Often, revenue slips out the door simply because of poor record keeping, employee theft or lax security protocols, rather than from outside nefarious forces. Security cameras and other technologies can also help protect your company from harassment or performance issues.

While some security measures require an investment or ongoing fees, some are free and can be implemented as best practices. If you haven’t yet put much thought or investment into your business’s security, now might be the time to do so. It might even cost less than you think. Here are a few ideas and best practices to help you secure your business.

Security cameras and monitoring

The first and most obvious security investment to make for your business is to install surveillance cameras. These cameras are becoming more affordable and often can be packaged with alarm monitoring services.

You’ll want to place cameras in strategic areas, such as at entrances, over cash registers, in serving/sales areas and near expensive inventory. Your employees should know that you periodically view the recorded video. This will help prevent inventory shrinkage and discourage patrons from stealing. It also can be used to identify (and, in turn reward) high-performing employees. Some security technologies can integrate your point-of-sale (POS) system with your security cameras, such as Remote Eyes, Axis Communications, Genetec, Axxon, Cisco and 3VR.

Experts recommend finding a local vendor that can provide security consulting as well as maintenance support. These companies should also be able to provide integrated technologies, such as those that detect smoke, gas, motion and broken windows; as well as fob or card entry options. Security monitoring services communicate with your local law enforcement, usually for a small fee per year, and provide cellular systems with battery backups in case of power outages.


Other security technologies

Sales Tracking

Accurate sales-tracking technologies can reduce losses caused by incorrect pricing, tax calculations, voids, duplicate orders, false sale records and more. If you have employees, these systems can help you track potential problems, such as routine voided or incorrect sales tickets. If you own a restaurant or retail store, a capable POS system can track this information for you. If you sell services, your payment processor often will provide features to help you track sales.

Inventory Tracking

Although inventory tracking is the most relevant to businesses that sell physical products, companies that sell services can also benefit from these tracking systems. For example, inventory systems can help restaurants track food inventory, vendors, waste loss and spoilage, and retail versions of these systems can track items, stock keeping units and bar codes, item descriptions, vendor information and more. Usually, businesses can enable these types of capabilities by using a POS system with upgraded inventory-tracking tools. Service businesses can use a credit card processor to track the types of services sold as well as billable hours. You can also employ technologies to track equipment and depreciated properties. Having accurate inventory information can help you quickly pinpoint areas of loss.

Employee Scheduling and Time Clocks

If you have employees, keeping accurate records can greatly improve your payroll accuracy and reduce the risk of overpayment. Some time clocks even utilize biometric technologies, such as fingerprint readers or eye scanners, that prevent employees from clocking in for one another. Many of these systems let you view employees’ schedules online and send shift-change information directly to employees’ mobile phones to help ensure that they show up for the right shifts. You can add scheduling and time clocks to many POS systems or purchase the services separately. Popular vendors include Revel Systems, NCR, Lavu, Lightspeed, ShiftPlanning, NimbleSchedule and Humanity.


Credit card and fraud protection

If you process card payments, you’ll need to carefully protect your customers’ payment information. With the recent liability shift, you — rather than the card company — can be held responsible for fraudulent charges if you are not compliant with the latest card processing technology.

The best strategy is to use a payment processor that provides the right level of security for your business. But there are also a few things you can do to add an extra layer of security:

  • Do not store credit card information yourself.
  • Upgrade to EMV chip-and-PIN card readers.
  • Provide table-side or customer-present processing.
  • Limit who is allowed to process payments using your service.
  • Maintain excellent sales records.
  • Use complex passwords, and change them often.
  • Secure the devices supporting your payment processing and CRM (customer relationship management) software using firewalls, passwords and anti-malware software.
  • Lock down Wi-Fi access, and use a powerful firewall.
  • Consult with a specialist about how you can become and stay PCI (Payment Card Industry) compliant.
  • Consider accepting other types of payments, such as mobile or PayPal payments.

Business Can Bridge the Cybersecurity Skills Gap

Cybersecurity is an important component of any company’s operations. Small businesses are especially at risk for data theft or security breaches — Keeper Security and the Ponemon Institute found that 50 percent were breached within the last year — so they need people and technology to protect their sensitive information.

But according to a report by Intel Security and the Center for Strategic and International Studies (CSIS), 209,000 cybersecurity jobs went unfilled in the United States alone in 2015. That growing IT skills gap leaves businesses vulnerable to cyberattacks and theft: More than 70 percent of IT professionals surveyed in the study said the cybersecurity skills gap in their organization has had a direct negative impact on their companies, and 25 percent said proprietary data has been lost due to this gap.

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP [intellectual property],” James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, said in a statement. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

Set high standards for cybersecurity jobs. In the study, which surveyed 775 IT professionals in eight countries, nearly half of respondents cited a lack of training or qualifications as major concerns. It should not be easy to land a job in such a complex field; the report recommended redefining the minimum credentials for entry-level jobs and looking carefully at a candidate’s experience and skill set.

Not sure what to look for in your candidates? Our sister site Tom’s IT Pro has outlined the best IT certifications for 2016.

Provide additional training and education opportunities. Only 23 percent of the survey respondents said that traditional IT education programs are preparing students well enough to succeed. Hands-on training, gaming and technology exercises and hackathons may actually be better educational resources, according to the report.

“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline,” said Chris Young, senior vice president and general manager of Intel Security Group.

Expand the industry. Respondents revealed that an average of 15 percent of cybersecurity positions in their company will not be occupied by 2020. The report calls for diversification of the cybersecurity field, as more than three-quarters of respondents said their governments are not investing enough in building cybersecurity talent.

Invest in the right technology. One way to help bridge the workforce skills gap is to look into intelligent security automation, said the report. Intel and CSIS advised using this type of technology to collect cyberattack data and develop better metrics to identify threats.

Do you know the best security solutions for your small business?

Cybersecurity is no joke. Whether you have a website, online accounts or any type of Web-based infrastructure, you are at risk for a cyberattack.

Although the public typically only hears about cyberattacks against high-profile companies, banks and government websites, small businesses make prime targets for cybercriminals, competitors and disgruntled parties. Yet, due to their lack of resources, small businesses have the least-protected websites, accounts and network systems — making cyberattacks a relatively easy job.

To help you protect your business, here are 13 small-business-friendly cybersecurity solutions to get you started.

1. Comodo

When it comes to low-cost security solutions, you usually get what you pay for. Comodo is a global, award-winning security provider that offers free and affordable security tools that don’t compromise on features and reliability. Solutions include: Comodo One, the company’s free IT management platform that features Remote Monitoring and Management (RMM), Patch Management and Service Desk all in one place; Comodo Securebox to shield apps from malware-infected devices; and Comodo Advanced Endpoint to automatically prevent malware from entering networks. Small businesses can also enjoy free antivirus, free and paid SSL certificates, free Internet security, mobile device management, firewall protection, security for POS systems and many other services.

2. ESET

Looking for a single solution to cover all your bases? ESET lets you choose from a wide range of security bundles to protect your computers, mobile devices, USB drives, networks and servers. For instance, the ESET Small Business Security Pack guards Windows and Mac computers, as well as iPhone and Android phones, file servers and email accounts. The company also offers custom solutions that allow you to build the perfect security tool for your business. You can choose by product type, company size and industry. Choices include endpoint security, mobile security, remote management, two-factor authentication, encryption, file security, email security, virtualization security and more.

3. Cradlepoint NetCloud Engine (Pertino)

Virtualization and cloud computing offer many gifts, including the ability to access your desktop, files and other data anytime, anywhere using any device. Security concerns, however, can complicate the convenience. Cradlepoint NetCloud Engine, formerly Pertino, offers one easy, affordable and super-secure way to virtualize your network and your business. You’ll enjoy a VPN decked with layers of security protection, such as multifactor authentication — a combination of users’ ID, token (i.e., their device) and PKI-certificate — fully cloaked private addresses, micro-segmentation, end-to-end encryption, access policies, industry-leading cloud security, data center protection and more.

4. Lookout Mobile Security

It’s not just computers that are at risk for security breaches. Lookout Mobile Security is all about protecting your business from cyberattacks on phones and tablets. It works by predicting, anticipating and shielding businesses against all types of mobile threats, such as malware, data leakages and the risks associated with sideloaded apps and jailbroken devices. Lookout also gives you complete visibility over devices and offers advanced tools to manage risks, vet software and app vendors, investigate incidents and ensure compliance with security regulations and company policies.

How to Keep Safe in the Cloud on Dropbox

A Dropbox cyberattack has compromised the accounts of more than 68 million users, security experts revealed.

The attack occurred in 2012, and it was confirmed just this week that hackers had access to and leaked the email addresses and passwords of these millions of users online. As a preventive measure, the file hosting company emailed customers informing them of a mandatory password reset, advising them to log in and create new passwords.

For small business owners, a cyberattack against Dropbox is a very serious concern. If a giant like Dropbox can be hacked, many providers are also at risk. To help you keep your data safe, here are three ways to protect your business on Dropbox and other cloud services.

1. Turn on two-step verification

Besides changing passwords, Dropbox highly recommends that customers enable two-step verification on their accounts. Two-step verification is available on most cloud platforms and apps, adding an extra layer of security to prevent unauthorized access.

It works by requiring both a password and a token to access accounts. For instance, in addition to entering a password, the service will also require a six-digit code that was sent by text, email or its mobile app. Without both credentials, the service will not allow anyone to log in to your account.

Two-step verification also keeps accounts safe by verifying new devices the first time they log in. Many services also alert users when an unrecognized device or browser is being used, so you know when a third party is attempting to access your account.
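The login flow described above, written from the service's side, as an added example that is not part of the original article and not any provider's actual code. The class name, the five-minute lifetime and the five-guess limit are assumptions; delivery of the code by text, email or app is left to the caller.

```python
import hashlib
import hmac
import os
import secrets
import time

CODE_TTL = 300     # seconds a sent code stays valid (assumed policy)
MAX_ATTEMPTS = 5   # wrong guesses allowed per issued code (assumed policy)


def kdf(password, salt):
    """Slow, salted password hash so a leaked database resists guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class TwoStepLogin:
    """Hypothetical server-side model: password first, then a six-digit code."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> [code hash, expiry time, attempts left]

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, kdf(password, salt))

    def step_one(self, username, password):
        """Check the password. On success return a fresh code for delivery."""
        record = self.users.get(username)
        # Hash even for unknown users so both cases take similar time.
        salt, stored = record if record else (b"\0" * 16, b"")
        password_ok = hmac.compare_digest(kdf(password, salt), stored)
        if not (record and password_ok):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        code_hash = hashlib.sha256(code.encode()).digest()
        self.pending[username] = [code_hash, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # sent out-of-band; never displayed on the login page

    def step_two(self, username, code):
        """Accept the code only if it is current, unused and not over-guessed."""
        entry = self.pending.get(username)
        if entry is None:
            return False  # no password check preceded this attempt
        code_hash, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[username]
            return False
        supplied = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(supplied, code_hash):
            del self.pending[username]  # single use
            return True
        entry[2] -= 1
        return False


if __name__ == "__main__":
    svc = TwoStepLogin()
    svc.register("owner@example.com", "constructed-sample-password")
    sent = svc.step_one("owner@example.com", "constructed-sample-password")
    print("code accepted:", svc.step_two("owner@example.com", sent))
    print("code reused:  ", svc.step_two("owner@example.com", sent))
```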

2. Don’t reuse passwords

One of the main reasons the Dropbox cyberattack is particularly alarming is that hackers didn’t just get access to passwords to millions of Dropbox accounts. Worse, they obtained email and password combinations.

This means that if you used the same email address and password to log in to Dropbox and other services, those accounts have also been compromised. Because many people use the same login credentials for everything — and many services use your email address as your username — it’s an effective way for hackers to gain access to inboxes, apps and even bank accounts simply by trial and error.

To keep your data safe, make sure to use a unique password for all of your accounts. This way, when one service suffers a breach, the rest of your accounts stay safe. (In light of recent events, Dropbox has also advised customers who used the same Dropbox password on other services to change their passwords on those accounts.)

3. Use a password manager

Although it’s easier to use the same password for all your accounts, it’s also very risky. But being safe by using strong, unique passwords doesn’t have to be complicated.

Password managers take the headache out of storing passwords, so you don’t have to remember all of them and to which account each password belongs. All you need to remember is a single master password and the password manager takes care of everything else. Features include auto-logins to accounts, device syncing, multi-user access and more. Most password managers also offer password generators that let you create strong password combinations consisting of upper- and lowercase letters, numbers and symbols.
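The reuse problem from the previous section and the generator described here, combined in one added example that is not part of the original article and not how any particular password manager works. The vault entries are constructed, and the function names, symbol set and 20-character length are assumptions.

```python
import secrets
import string
from collections import Counter, defaultdict

# Constructed vault entries: (service, login email, password). All invented.
VAULT = [
    ("dropbox", "owner@example.com", "Summer2012!"),
    ("webmail", "owner@example.com", "Summer2012!"),
    ("bank",    "owner@example.com", "Summer2012!"),
    ("payroll", "owner@example.com", "kV4)tq-Zr8wLmP2&xB7d"),
    ("social",  "shop@example.com",  "Summer2012!"),
]

# Upper- and lowercase letters, numbers and symbols, as the article lists.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+")


def exposed_by_breach(vault, breached_service):
    """Other services that share an email+password pair with the breached one."""
    leaked = {(email.lower(), pw) for svc, email, pw in vault
              if svc == breached_service}
    return sorted(svc for svc, email, pw in vault
                  if svc != breached_service and (email.lower(), pw) in leaked)


def reuse_groups(vault):
    """Groups of services that share one password, whatever the login name."""
    by_password = defaultdict(list)
    for service, _email, password in vault:
        by_password[password].append(service)
    return sorted(sorted(group) for group in by_password.values()
                  if len(group) > 1)


def generate_password(length=20):
    """Random password containing at least one character of every class."""
    alphabet = "".join(CLASSES)
    while True:
        # Draw uniformly and retry until every class is present, so no
        # position in the password is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def rotate_reused(vault):
    """Give every entry whose password is shared a fresh, unique password."""
    counts = Counter(password for _svc, _email, password in vault)
    return [(svc, email, generate_password() if counts[pw] > 1 else pw)
            for svc, email, pw in vault]


if __name__ == "__main__":
    print("exposed by a Dropbox breach:", exposed_by_breach(VAULT, "dropbox"))
    print("services sharing a password:", reuse_groups(VAULT))
    fixed = rotate_reused(VAULT)
    print("exposed after rotation:", exposed_by_breach(fixed, "dropbox"))
```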

Two password managers we like are RoboForm and LastPass. Both of these services are accessible anytime, anywhere, whether you’re on your computer (Windows, Mac and Linux) or on a mobile device (iOS, Android and Windows Phone). They’re also very affordable for small businesses. RoboForm costs $9.95 and LastPass costs $12 to start.

How to become digital disruptors

Digital disruption isn’t just for hip start-ups. Incumbents can not only compete but actually lead radical industry change if they pay attention to the way their business model is shifting and act boldly in response. In this episode of the McKinsey Podcast, McKinsey partner Chris Bradley and senior partner Angus Dawson talk to Cam MacKellar about the life cycle of digital disruption, what it means for incumbents, and how executives should react. An edited transcript of their conversation follows.

Podcast transcript

Hi, I’m Cam MacKellar, from McKinsey’s Sydney office, and I’m delighted to be speaking today with Angus Dawson, a senior partner of the firm’s Strategy Practice throughout Asia; and Chris Bradley, a partner here in Sydney.

Both Angus and Chris have recently published articles on digital strategy for McKinsey Quarterly. Chris, along with his colleague Clayton O’Toole, coauthored an article published in May called “An incumbent’s guide to digital disruption.” The article looks at how companies can avoid becoming victims of digital disruption by recognizing crucial thresholds and acting in time. Angus and Chris, thank you very much for spending time with us today.

Cam MacKellar: Chris, it’s clear that the champions of disruption are more often attackers than incumbents. Why is that? And why is it so difficult for incumbents to respond rapidly to disruption?

Chris Bradley: I think companies are well geared for running their business at current course and speed or responding to a very immediate and real crisis. But disruption is in between those two goalposts because it’s uncertain, and it plays out over a very, very long period of time, and we get the proverbial boiling-frog problem in a company where the pressures of the short term and what’s real and what’s in front of your face are so all encompassing that the disruption gets underplayed.

Angus Dawson: There’s nothing that a CFO dislikes more than a business case that’s based on preventing decline. When you put a business case up, if you’re going to get investment you’ve got to show how it’s going to add to growth and profitable growth, and disruption is actually saying we’ve got a different baseline and that’s one of decline, and that conversation often just gets shut down.

Chris Bradley: Psychologically accepting a declining baseline in a business that you’ve grown up in and that you love and that you’ve actually got to take as the status quo or as the default reality, the idea that this business will decline, other things being equal, inference being big investment and big effort to maintain today’s position, that’s a big bridge to climb, and that’s why often you won’t see the response until that baseline doesn’t become a counterfactual; it becomes the factual.

Cam MacKellar: For incumbents who may realize disruption is out there, it’s perhaps lurking on the horizon, and they know that it exists, how should they determine what’s a real trend and what’s just noise? How can they work out which digital trends are going to influence their business and which ones are simply hype?

Angus Dawson: We’ve got to have a bit of empathy here for executives who are being hammered every day with trends and reports of how the whole world is going to change, threats on the horizon both from people outside the organization as well as from people inside. To be honest, most of them aren’t going to eventuate. We’re starting from a position of trying to pick the few things that really matter and the approach that we advocate is to come back to the fundamentals of the industry and how money gets made. We’ve got all the economic essentials to understand and to unpack what will change and why it will change and what are the markers of that to try to get through all the noise.

Chris Bradley: When these disruptions affect some of the deep wiring in the industry, you know it’s real, but a lot of the trends operate at this surface level. The other point I would add is that it’s nonlinear, so the world changes slowly until it doesn’t. That’s why when I look back through my career, most of these big changes, we’ve underestimated the impact of them but overestimated how quickly they would happen. I started my career around the time of the first dot-com boom, and I don’t think anyone at the time realized how profound the real Internet revolution would be, but that it would be pretty well 20 years later that we’re talking about it, with real depth. It’s that nonlinearity that’s important and why we’ve made the S-curve one of the central analytical ideas in there, because it’s nonlinear and because at any point where you extrapolate on an S-curve linearly, you’re going to get it completely wrong because you get this everything goes slow until it happens really, really quickly.

Digital future construction

The construction industry is ripe for disruption. Large projects across asset classes typically take 20 percent longer to finish than scheduled and are up to 80 percent over budget (Exhibit 1). Construction productivity has actually declined in some markets since the 1990s (Exhibit 2); financial returns for contractors are often relatively low—and volatile.

While the construction sector has been slow to adopt process and technology innovations, there is also a continuing challenge when it comes to fixing the basics. Project planning, for example, remains uncoordinated between the office and the field and is often done on paper. Contracts do not include incentives for risk sharing and innovation; performance management is inadequate, and supply-chain practices are still unsophisticated. The industry has not yet embraced new digital technologies that need up-front investment, even if the long-term benefits are significant (Exhibit 3). R&D spending in construction runs well behind that of other industries: less than 1 percent of revenues, versus 3.5 to 4.5 percent for the auto and aerospace sectors. This is also true for spending on information technology, which accounts for less than 1 percent of revenues for construction, even though a number of new software solutions have been developed for the industry.

Technical challenges specific to the construction sector have a role in the slow pace of digitization. Rolling out solutions across construction sites for multiple sectors that are geographically dispersed—compare an oil pipeline, say, with an airport—is no easy task. And given the varying sophistication levels of smaller construction firms that often function as subcontractors, building new capabilities at scale is another challenge.

However, none of this is going to get easier. Projects are ever more complex and larger in scale. The growing demand for environmentally sensitive construction means traditional practices must change. And the shortage of skilled labor and supervisory staff will only get worse. These are deep issues that require new ways of thinking and working. Traditionally, the sector has tended to focus on making incremental improvements, in part because many believe that each project is unique, that it is not possible to scale up new ideas, and that embracing new technologies is impractical.

The McKinsey Global Institute estimates that the world will need to spend $57 trillion on infrastructure by 2030 to keep up with global GDP growth. This is a massive incentive for players in the construction industry to identify solutions to transform productivity and project delivery through new technologies and improved practices.

In this report, we consider five ways the industry can transform itself over the next five years.

How to adapt your board

“Software is eating the world,” veteran digital entrepreneur Marc Andreessen quipped a few years back. Today’s boards are getting the message. They have seen how leading digital players are threatening incumbents, and among the directors we work with, roughly one in three say that their business model will be disrupted in the next five years.

In a 2015 McKinsey survey, though, only 17 percent of directors said their boards were sponsoring digital initiatives, and in earlier McKinsey research, just 16 percent said they fully understood how the industry dynamics of their companies were changing. In our experience, common responses from boards to the shifting environment include hiring a digital director or chief digital officer, making pilgrimages to Silicon Valley, and launching subcommittees on digital.

Valuable as such moves can be, they often are insufficient to bridge the literacy gap facing boards—which has real consequences. There’s a new class of problems, where seasoned directors’ experience managing and monetizing traditional assets just doesn’t translate. It is a daunting task to keep up with the growth of new competitors (who are as likely to come from adjacent sectors as they are from one’s own industry), rapid-fire funding cycles in Silicon Valley and other technology hotbeds, the fluidity of technology, the digital experiences customers demand, and the rise of nontraditional risks. Many boards are left feeling outmatched and overwhelmed.

To serve as effective thought partners, boards must move beyond an arm’s-length relationship with digital issues (exhibit). Board members need better knowledge about the technology environment, its potential impact on different parts of the company and its value chain, and thus about how digital can undermine existing strategies and stimulate the need for new ones. They also need faster, more effective ways to engage the organization and operate as a governing body and, critically, new means of attracting digital talent. Indeed, some CEOs and board members we know argue that the far-reaching nature of today’s digital disruptions—which can necessitate long-term business-model changes with large, short-term costs—means boards must view themselves as the ultimate catalysts for digital transformation efforts. Otherwise, CEOs may be tempted to pass on to their successors the tackling of digital challenges.

At the very least, top-management teams need their boards to serve as strong digital sparring partners when they consider difficult questions such as investments in experimental initiatives that could reshape markets, or even whether the company is in the right business for the digital age. Here are four guiding principles for boosting the odds that boards will provide the digital engagement companies so badly need.

Revolutionize food chain

The way digital technologies are reshaping the relationship between consumers and brands has been hotly debated over the past few years, with much discussion of the reshaping of consumer decision journeys, the advent of multichannel marketing and sales, and the impact of smartphones and the mobile Internet on customer behavior. Yet an even bigger opportunity has been largely overlooked. By taking advantage of big data and advanced analytics at every link in the value chain from field to fork, food companies can harness digital’s enormous potential for sustainable value creation. Digital can help them use resources in a more environmentally responsible manner, improve their sourcing decisions, and implement circular-economy solutions in the food chain.

Huge untapped potential

So far, most of the excitement about digital’s potential in the consumer-packaged-goods industry has centered on marketing and sales. But for food producers, the opportunities begin higher upstream and end lower downstream. At the upstream end, the agricultural practices followed by dairy farmers, cacao and coffee producers, wheat and barley producers, cattle farmers, and so on result in enormous variations in commodity costs in an industry where raw materials represent easily 60 percent of the cost of goods sold (COGS) (Exhibit 1).

Manufacturing and packaging also represent a substantial share of COGS, as well as contributing to companies’ environmental and social footprints and food-safety risks. At the other end of the food chain, big data and advanced analytics can be used to optimize downstream activities such as waste management. Food waste causes economic losses, harms natural resources, and exacerbates food-security issues. About a third of food produced for human consumption is lost or wasted every year in a world where 795 million people—a ninth of the population—go hungry (Exhibit 2).