How to protect your tenants against cyber security threats
The proliferation of IoT devices means building owners and property managers have to go beyond physical measures to keep tenants safe: they have to consider cybersecurity programs as part of their building safety.
In this episode of Cleaning the Built World, Nathan Mah, Co-founder at Mero, is joined by cybersecurity expert and founder of K Tech Labs, Harsha Vachher.
From employee training to vendor standards, we discuss the various measures that can be taken to safeguard building systems and networks against threats. We also touch on the importance of performing security risk assessments before deploying new technology, as well as the potential vulnerabilities of IoT devices and how to mitigate them.
Three top takeaways:
Here are the three most important takeaways from the episode:
Takeaway 1: Smart buildings are not immune to cyber security risks
In the past, building owners and property managers didn’t think of cyber attacks as a real threat. They weren’t a bank, so they had nothing valuable to hackers, right?
However, this has changed and we now hear about even small, non-downtown businesses being targeted.
Hackers may seek to gain access to the corporate network through the building's network, or access data being collected by sensors and cameras within the building.
They may also seek to gain unauthorized access to the building itself, potentially by pretending to be a maintenance company and gaining entry under false pretenses. This unauthorized access could be used to disrupt building operations and cause damage to the property, such as by altering the temperature in a way that could harm equipment or impact the health of the occupants.
While building security has traditionally focused on physical measures such as protecting tenants and controlling access, the increasing use of IoT devices and sensors in smart buildings means that it's important to also consider protecting against cyber threats.
Takeaway 2: Employees are your first line of defense
Ongoing security training helps property management staff maintain secure building systems and networks. A security awareness program can provide updates on threats and best practices including training on social engineering, identifying anomalous behavior, password management, and incident reporting.
As a first line of defense, your facility staff should follow policies such as password change and backup policies. Additionally, implementing role-based access and limiting the number of privileged accounts can help strengthen security.
Other measures that companies can use to protect building systems include hiding them behind firewalls, keeping systems and applications up to date with patches, implementing multiple layers of protection, monitoring system usage, limiting access to building systems, and implementing backup and recovery processes.
Takeaway 3: Perform security risk assessments before deployment
IoT devices may be vulnerable to data security breaches due to a focus on speed to market at the expense of security, a lack of internal responsibility for IoT privacy and security, and a lack of authentication and proper processes for security patch updates.
To reduce these risks, it's important to perform a security risk assessment before deploying a new system or technology, including an assessment of the new system, vendor best practices, and the technology and security features being used.
There are various vendor standards that relate to compliance and certifications. Some examples include penetration testing and compliance requirements for cloud-based applications. It's also relevant to consider the vendor's identification practices and overall security practices.