Adoption of technology has become one of the most transformative advancements in society in recent history, bringing countless changes that are revolutionising and arguably improving the way we live. We are within the fourth industrial revolution, with technology rapidly integrating itself into all aspects of society and our lives. The built world is becoming increasingly connected to the internet with the advent of smart building technology and the Internet of Things (IoT).
This precipitates a new age, where buildings and real world assets are now firmly in the sights of cyber-attackers. The stakes have never been higher, as the consequences of a cyber incident could now result in physical harm to people, or catastrophic damage to bricks and mortar assets.
Although corporate cyber security programs can be quite technically complex, the cyber safety of a network and system always depends heavily on teamwork between technical teams and the everyday users that interact with systems.
In this article, we outline several practical and non-technical tips that any Building Manager can utilise to help protect the assets they manage.
Security starts at its physical roots
Once a malicious actor gets physical access to a network or system, it becomes significantly more difficult to both detect and block them from doing harm.
Tip 1: Secure Sensitive Computers – Any computers that run sensitive software, such as a Building Management System (BMS), CCTV Security Cameras or similar, should be kept in a secure location behind lock and key. Ensure that only authorised personnel ever have access to these computers.
Tip 2: Lock the Computers – Regardless of where the computers are stored, many Building Managers have jobs that take them away from their desk. When stepping away, always lock or log out from the computer.
Tip 3: Secure Network Ports – Many buildings have network ports scattered across the asset. Any network port that allows connectivity to the building network provides a point of entry to sensitive systems, so it is wise to ensure these ports are similarly kept behind lock and key.
Protect your online corporate accounts
Just as much as your building networks are a target, your corporate emails and accounts are also a target for attackers that are seeking to gain unauthorised access and control.
Tip 4: Beware of Phishing – Phishing is a form of email fraud in which malicious attackers send false emails that entice you to click on a link which downloads malware, or trick you into giving up sensitive information such as passwords. Be wary of suspicious looking emails and always carefully analyse the sender and links before clicking or responding.
Tip 5: Multifactor Authentication – Not all systems support this, but where possible, turn on multifactor authentication to ensure that if your account is compromised, attackers will still need to possess a token device or your phone to retrieve a verification SMS code to gain access.
Don’t install unknown software on building networks
Building networks are often isolated and less maintained than a traditional corporate network, which means they are also often inherently more vulnerable to a cyber-attack.
Tip 6: Remote Access Tools – Many vendors or suppliers will ask that you install software that allows them to take control remotely. This is even more prevalent within the current pandemic. However, beware the level of control this gives to others outside your company. Where this is required, ensure you uninstall the software afterwards, and avoid it altogether if possible.
Tip 7: Unnecessary Software – The more software applications installed on a computer, the more vulnerable it becomes. When applications become out of date, they can often pose a security vulnerability that allows attackers to exploit them to compromise a system.
Backup and be prepared for disaster
Given the frequency of cyber-attacks around the globe, it is prudent to ensure that you have a backup plan in case something goes wrong. This gives you peace of mind but also saves you from the stress and time required to respond to a disaster when it happens.
Tip 8: Backups – Most building systems support the ability to export and backup configuration and databases. This is important for both cyber-attacks and when systems fail. An example is taking a backup of an access card database. If this database is lost or damaged, having a backup will save you countless hours of work and disruption to tenants in reprogramming access cards.
Tip 9: Continuity Plans – Many buildings focus on disaster plans in the event of fire, floods and other physical events, but often omit simple issues such as a systems outage. Make sure you develop a response plan and keep emergency contact details in the event of a widespread outage of key technologies that are required to manage an asset.
Final Thought for Building Managers
As our built world becomes increasingly connected and moves to the cloud, Building Managers need to see themselves as instrumental in the front line of defence against cyber threats. Their practices and vigilance are critical to the safe functioning of our built world, as we continue to digitise built assets.
About the Author
Charn is responsible for cyber security and privacy at Willow. Prior to working at Willow, Charn was Head of Cyber Security at Prospa, an ASX listed fintech. Charn was also previously a cyber security consultant at Deloitte and Protiviti, where he was a trusted advisor to a wide range of clients in the real estate, critical infrastructure, and logistics sectors.