At this point, the importance of adhering to good cybersecurity practices is well known. What often goes unknown however, are all the current practices carried out on a daily basis that one needs to stop doing now.
If these current practices are kept up by one’s property management company, the amount of cyber risk and vulnerability observed will be exponentially higher. With an over a 600 percent increase in ransomware attacks on buildings in the last year alone, these practices facilitate becoming just another statistic. In an interview with Fred Gordy, the director of cybersecurity with Intelligent Buildings, here are the three things he explained that property management companies should stop doing right away.
When this login information is shared, more than a single individual now has access to the same capabilities as whoever shared the information. While this is not immediately an issue if it is necessary for one to be able to access that account, the problem arises now that multiple individuals have the same information, and that information has been passed along. All that it takes is for one simple misstep along the way for the information to fall into the wrong hands. From there, even if the information does not pertain to anything significant, someone with malintent can use that information to access the entirety of your network and the connected buildings.
Additionally, having that single set of a shared username and password, makes it immensely easier for a someone to obtain that information. It may take a little more time and effort, but simply creating individual sets of access information can drastically reduce risk.
This allows for someone to intrude and do whatever they please. Providing remote access to a computer essentially acts as providing a key to a building’s systems. Through remote access to a single computer, all other building systems connected to the same network can be accessed and then altered, damaged, shut down or destroyed. As an example, Fred pointed out a specific remote access software that allows easy remote access through an exploit that hackers can utilize.
This software is present in approximately 60 percent of all commercial real estate. This places about 3.5 million buildings at risk. With this all said, simply do not allow remote access to any aspects of a building, and if necessary, make sure to remove the access software as soon as it is no longer needed.
This helps in many ways, but there are two reasons that are more appealing that should make sure property management companies go ahead and educate themselves. The first way this practice is beneficial is that it can help prevent breaches in cybersecurity. On average, it takes 196 days to identify a data breach, but with increased education, property management will be able to identify a problem as soon as it arises and then correctly and promptly address the issue. This eliminates a potentially significant waiting period for an outside group to respond and fix the problem. During the time the issue goes unaddressed, matters could worsen.
Decreasing reliance on IT and OT will also save the property management company lots of expense. Not only will there be savings through the avoidance of calling in a cybersecurity group to fix issue, but additionally, money could be saved by preventing cyber-attacks that halt revenue or require large sums of cash to be resolved. An easy way to start the education process is to simply look for the low-hanging fruit opportunities and start acting on them.
For those seeking additional information on this topic, Fred Gordy welcomes all to his LinkedIn page where he posts plenty of helpful and relevant items.
To stay up to date on news and resources such as this and other topics of importance to the real estate industry, subscribe to the free CRE Insight Journal Newsletter using this link.