Over the last decade, the way commercial office buildings operate has become more sophisticated and streamlined with new advances in technology. From building connectivity to HVAC systems to keyless entry—tech and smart tech has made its way into nearly every facet of how a building operates.
But as the technology has become more advanced and ingrained in building operations, the risk of cyber breaches has increased. Each new access point is a potential security risk that could be exploited by a cybercriminal—even something as seemingly innocuous as a thermometer or a light fixture.
Cyber risks are real and should be taken very seriously by building owners and managers, said Canadian Cyber Threat Exchange Executive Director Bob Gordon during the panel. Last year, BOMA Canada released a 16-page guide to “Cyber Wellness” for commercial real estate building operations.
“Now that smart buildings and smart devices in buildings are growing, cyber security incidents at a building could have a significant impact on the property and its operations,” BOMA wrote in the guide. The organization identified more than 30 smart systems that have been developed within buildings, including card readers, chillers and boilers, lighting and electric, gas and heating.
A breach of any system could have an impact ranging from minor to disastrous. Employees’ safety and damage to property could be at risk, and property managers could even be held to monetary ransom. Cyber security incidents could impact a company’s reputation, the trust of tenants or consumers, and could result in costly legal action. The average cost of a data breach in 2020 is $3.8 million, according to a study by Ponemon Institute.
And amid an ongoing global health crisis, attacks have ramped up even more.
“Cyber criminals are taking advantage of us while we’re dealing with the COVID-19 pandemic,” said Gordon. “We’ve seen a 400 percent increase in attacks in May and June.”
To safeguard property, staff and data, owners and managers should start by taking stock of all building systems, connectivity and access points in a building.
“The first step is to get a comprehensive understanding of the environment and the risks present,” said Trent Bester, Senior Vice President of Consulting and Public Sector at MNP. “The last thing you want to be doing when you have a breach is figuring out what all your systems are and how they integrate.”
Mapping all interaction points can help give managers the whole picture of a property and a better understanding of what risks they could potentially face. The map essentially becomes the foundation of a preventative strategy as well as a respo
“Cyber criminals are taking advantage of us while we’re dealing with the COVID-19 pandemic,” said Gordon. “We’ve seen a 400 percent increase in attacks in May and June.”
“That’s a huge point that we at Colliers are thinking about every day,” he said. The biggest challenge he sees is educating the broader property management community about what exactly what cyber security is, how it’s understood, how to assess vulnerabilities at properties and what to do about it.
Beyond mapping out all building systems and having tight security protocols in place, Cichy urged property managers not to overlook a simple building walkthrough to spot potential risks.
“We’ve seen IT closets unlocked, passwords taped to monitors—it’s not that they’re doing something wrong, they just haven’t been educated. You’ve got to get out there and assess and walk through an asset building by building. Vulnerabilities are out there, even in the best of buildings.”
Panelists’ best advice to property managers is to keep things simple, take action, and align yourself with people you trust.
“If you haven’t started the process, get something going,” said Bester. “Engage your entire team, because there’s a lot of simple things you can do with your employees and team to really mitigate a lot of the risk.”