Let’s say you’re hired to build a brand new house. Where do you begin? Would your first step be to jump into site prep and foundation work, or would you rush immediately to putting up walls and a roof?
There is, of course, an obvious right answer. If you’re thinking that this is supposed to be an analogy, you’d be absolutely correct. The number of property businesses that offer high-quality services, beautiful spaces, and advanced amenity packages, but then don’t establish a comprehensive security program, is astounding: perhaps 7 out of 10 businesses in total.
It’s an issue that is getting bigger every day, thanks in many ways to our own technological advancement. One of the most noteworthy demonstrations of the cybersecurity risks facing modern businesses is actually not particularly new. Back in 2015, a pair of security researchers remotely disabled a Jeep over the internet in a Wired article.
Since then, things have only gotten more difficult, and the property business is particularly exposed. Consider that within building IoT networks, every networked device is a possible access point. So is every employee. There are dozens of videos on YouTube where skilled hackers counter-scam internet scammers, for instance by subverting an attempted remote connection. The protagonist of these videos then typically gains more and more control over the scammer’s system, in some cases even going so far as to remotely control their webcams.
This is the sort of thing that the bad guys can do, too. I caught a particularly concerning announcement just a few weeks ago, when it was announced that a new partnership in the emergency technology space means that first responders can now remotely control building systems such as access control. This is good, because in the event of an emergency it means that firefighters, police, and paramedics will have an easier time navigating large and potentially complex buildings. On the other hand, it poses yet another opportunity for hackers to infiltrate secure spaces, both digital and physical.
These challenges are bothering Min Kyriannis, Cybersecurity and Technology Business Development Associate with building systems firm Jaros, Baum & Bolles. Min told me that property owners are doing far from enough to weather the cybersecurity storm. “Many companies either don’t have the funding to upgrade, feel like they won’t be targeted, or aren’t even aware of the scope of the problem,” Min said, adding that “Companies need to be diligent in doing an analysis of their internal systems in order to understand what their vulnerabilities are—not just their IT systems, but all IoT devices, network devices, building systems, etc. that connect to or have the ability to get onto the network.”
One of the things that makes security so tough to address is that it can be difficult to determine where exactly the buck stops. Sure, owners should be extremely proactive with their security preparations and auditing, but Min added that it is at least partially the responsibility of vendors and suppliers to ensure that their products and services are delivered securely.
“At JB&B,” Min said, “We started talking about this with manufacturers over two and a half years ago and established new cybersecurity specifications for building systems based on this information. We’re also talking to landlords and other stakeholders to raise awareness about this issue. Beyond that, we’re also working proactively with manufactures across trades and verticals not just to raise awareness, but to discuss the various security parameters that can be utilized in order to make it harder for stakeholders to be compromised. Unfortunately, in cybersecurity there’s no silver bullet. People with malicious intent will always be looking for ways to gain access. So we need to be diligent and proactive about it.”
This is certainly not what owners want to hear. Property managers and investors already have a thousand other concerns to spend their time on, from allocating capital properly to actually ensuring a quality tenant experience. But the reality is that the cost of security breaches can be huge for both the owners themselves and for tenants as well: stolen files, stolen money, compromised access, and service interruptions.
While there may be no silver security bullet, cybersecurity really is one of those areas where periodic attention can pay off in spades. Think about it like insurance: sure, hopefully you will never need to use it, but in the event that you do, you’ll wish you’d put in the time and effort to ensure long-term system upkeep.