Smart devices are often connected using unsecured internet such as guest Wi-Fi in buildings, which makes them vulnerable to hackers. John Archer, Solutions Director at Backbone Connect explains how to navigate the cybersecurity risks of smart building technology
There is a tech revolution happening at our workplaces. Landlords and building tenants are investing in an array of smart building systems, from apps that allow heating, lights and even kettles to be controlled remotely, to facial recognition powered security. Facilities management teams are at the heart of the shift, using new technology to improve the user experience and help make workspaces more productive and efficient. In fact, it’s fast topping occupant’s priority list – we know for example that 69 per cent of tenants would pay more for tech that helps them achieve net zero goals and boost staff wellbeing and performance.
But what many people don’t realise is that the more smart tech they install, the more vulnerable their buildings and the businesses working within them can be to cyber-attacks. As systems become more complex, facilities management teams need to understand these vulnerabilities and be aware of the potential risks, helping to protect landlords and occupiers’ businesses and reputations.
UNDERSTANDING THE RISK
The first thing to know is that the smart building industry isn’t regulated. Technology is frequently installed in a piecemeal fashion, one device at a time without a wider over-arching framework. Why does that matter? Often these devices are installed on guest WiFi networks or connected ad-hoc to various broadband lines – this becomes a weak point which hackers can take advantage of to access wider networks.
At best, this could lead to them wreaking havoc with internal systems like building access or lighting, inconveniencing workers and disrupting businesses. However, attacks are typically far more malicious in intent, with criminals using the devices as a stepping stone to steal or ransom data. This can lead to GDPR breaches as well as significant potential financial losses and reputational damage for businesses. For office landlords these attacks can lead to serious consequences for their portfolios, limiting their ability to attract new tenants if their buildings are perceived as unsafe. They may even be seen as culpable for failing to secure assets properly. For occupiers themselves, being the victim of a hacker could substantially harm their relationships with investors, customers, partners and suppliers.
Since the pandemic, cybersecurity attacks have been rising exponentially. There has been a 62 per cent increase in ransomware globally since 2019, according to the 2021 SonicWall Cyber Threat Report. Without sufficient protection against dangers like this, the very technology which is being used to improve the workplace experience could actually significantly damage businesses.
WHO IS RESPONSIBLE?
The good news is that facilities management teams can act as the first line of defence against attacks on smart buildings. At design and installation stage, teams have an important advisory role to play, encouraging occupiers or building owners to embed cybersecurity considerations within an overall technology strategy. This should include setting up a separate, secure and ring-fenced ‘internet of things’ network which will only be used for smart devices.
For buildings where technology is already installed, teams should consider conducting a cybersecurity audit to identify weak points which hackers could exploit. At Backbone Connect, when we conduct audits we typically find that it’s the very simplest measures which get overlooked – teams failing to change default passwords, create separate IoT networks or run software updates. Ongoing, FM providers should maintain good security hygiene, following best practices such as changing passwords, making sure system updates are installed and keeping staff (their own and at tenants’ businesses) reminded of the dangers of common phishing scams.
Smart buildings are undoubtedly the future. But this technology also brings new responsibilities for everyone involved, including FM teams. Consider the advent of electric vehicles, car mechanics no longer just have to be experts in engines – they now need an understanding of complex computer programmes and electrical systems to keep vehicles running. In the same way, modern facilities management teams have to be trained not only to manage the physical needs of a building and its occupants, but also how to run and safeguard an asset’s associated smart systems. Failing to understand the risk smart buildings can pose for landlords and workplace occupiers could bring significant financial and reputational harm. FM providers have a duty of care to clients to ensure they are ready for and protected against cybersecurity threats.
⇒ Assess smart devices within the context of a wider cybersecurity strategy – if devices are being installed make sure they are set up on a distinct, secure network; change default passwords; and ensure firewalls are in place.
⇒ Carry out annual cybersecurity audits – third-party providers will often do this for free.
⇒ Practice good cybersecurity hygiene – change passwords often, remind employees of the risks of potential phishing scams, update systems regularly and be alive to new and emerging threats.
In association with https://backboneconnect.co.uk