Increased technology in anything equates to easier, quicker, and smarter accessibility for end users. Unfortunately this same ease of use can offer a lack of obstacles to hackers. As commercial buildings embrace the opportunity to optimize connectivity, businesses need to be cautious that their system integration doesn’t provide an all-access means to sensitive information. I came across a great article from Building Design + Construction Magazine that calls out the dangers of buildings becoming smarter (as positive as the shifts can first seem).
Don’t get me wrong—I believe steps toward efficiency should be welcomed, but they also should be accompanied by equal security measures. As history has proven, many recent data breaches from large-scale businesses have been the product of hackers gaining access to networks through building systems.
David Barista of Building Design + Construction highlights “A little-known fact about the Target data breach that came to light months after the crime was how exactly the hackers gained access to the retail giant’s network: through the building systems infrastructure. The perpetrators swiped network credentials from an HVAC contractor who had performed refrigeration and HVAC work at one of the store locations. While the details remain sketchy—especially how an HVAC contractor’s credentials for access to building systems data provided a backdoor into Target’s payment system network—the case highlights the vulnerability of commercial real estate owners.”
I’m not suggesting you lock up your HVAC contractor to withhold any information they know, but what I do encourage is to patch up any gap of controls in a building’s network. These areas can provide the most-accessible backdoor to an organization’s corporate web. Whether your cyber properties contain consumer data or not, leaving your cyber security vulnerable in some areas is like owning a mansion filled with hope diamonds and leaving the door unlocked.
To become the go-to case study of a data breach is a long-term branding stigma that brings a giant pool of unforeseen costs. To avoid this, building owners need to take it upon themselves or engage their tenants to take all necessary steps to ensure there no gray areas within security systems and networks to prevent an attack.
Some Ways to Cover All Bases In Security:
1. Make sure your security systems include all features your operations require without unnecessary/excess controls. Allocate all attention towards protecting the core system that your business demands.
2. Run routine scans on your system to ensure that there are no areas lacking adequate protection.
3. Protect the outbound data in addition to the inbound—not one way or the other.
4. Keep the conversation going in your organization to uphold security and allow these concerns to be top of mind.
5. Add additional security through encrypted data and special access keys for authorized staff.
6. Consider insurance to protect from a breach scenario.
Sources referenced:
http://www.bdcnetwork.com/blog/commercial-buildings-get-%E2%80%98smarter%E2%80%99-concerns-rise-over-cybercrime
http://www2.deloitte.com/us/en/pages/real-estate/articles/evolving-cyber-risk-in-commercial-real-estate.html