With technology becoming more accessible and old buildings giving way to smart buildings, the risks associated with data security have also grown exponentially. Buildings have become more vulnerable to cyber threats, putting all stakeholders at risk.
Security has become of paramount importance and can no longer be relegated to the back burner or treated as an afterthought.
Understanding security risks
Data theft and security breaches are a huge concern. Owing to the nature of the business, there is easy access to personally identifiable information (PII), external credit scores, and intellectual property (IP) data, making a CRE firm a perfect target for perpetrators.
The company’s network, HVAC systems, open Wi-Fi networks, and IoT devices also contribute to this vulnerability, providing hackers with several entry points. Once hackers gain access to sensitive data, personal and financial data is compromised, causing revenue loss and disruptions to business continuity.
Phishing emails remain the most popular method to deliver malware. In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. When an end user clicks on the link or attachment, it delivers malware to the end user’s device, granting access to the company’s computer networks. Typical examples of phishing emails include delivery emails related to parcels, invoice payments or utility bills.
Ransomware and malware
Ransomware is a type of malware that latches onto a computer system and threatens to destroy all the files on a computer unless a ransom is paid. Ransomware is increasingly common, and an infection can be extremely stressful and costly for any firm. The malware cripples computer networks by hijacking hard drives, encrypting important files and locking computer screens. A ransom is demanded in order for control of the system to be regained.
Business email compromise
Business Email Compromise (BEC) is a type of scam targeting companies that conduct wire transfers and have suppliers abroad. Commercial real estate companies are often targeted with this tactic. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds.
Internet of things
Connecting more devices and sensors to the Internet means additional risks of breaches. IoT-based Distributed Denial of Service (DDoS) attacks are an attempt to make an online service unavailable by overwhelming it with traffic from multiple compromised devices, which can lead to loss of sales revenue, business disruption, and reputational damage.
The risk of malicious actors gaining control of a device and using it for their own ends is a serious concern. Attackers can exploit IoT vulnerabilities to take control of property. In the wrong hands, IoT devices could, for example, be used to gain access to sensitive data and transmit it to remote locations, to set off nuisance alarms, to turn out the lights, or to cause serious physical damage and pose a potential threat to human life.
How can we address these threats and risks?
Securing the company network and preventing these attacks is not a single person’s or unit’s responsibility. It is a company-wide effort and must be driven at the company level. CRE firms must implement a multilayer cyber security defense against potential threats. An effective defensive strategy that addresses current and potential threats is a good start.
Update company cybersecurity policy and procedures and ensure that IoT devices and systems have been independently tested before installation. Having a technology-protective mindset is imperative here. Many companies also have insufficient password protection or outdated antivirus and antimalware programs that eventually contribute to heightened cyber risk. Identify such risks by conducting regular reviews, penetration tests and password changes. Keep antivirus software and firewalls active and up-to-date. Keep operating systems and programs patched and up-to-date. Ensure all files containing sensitive information are encrypted. Regularly back up critical data, applications, and systems, and keep backed up data separate from online systems.
CRE companies should create awareness within the organization about cyber risk and ways in which existing organizational policies and practices could contribute to that risk. In addition, train employees. Companies can conduct simulations to help their employees understand potential threats and learn appropriate response management tactics. This can help in lowering the risk of cyber threats.
Cyber crime is not only increasing, but it is also becoming more sophisticated. Considering data breaches as almost inevitable, a number of organisations are already looking into purchasing cyber security insurance to mitigate the cost impact if a breach occurs. Insurance is an effective way of dealing with security incidents when or if they occur. Review your current insurance coverage, and ask your insurance agent about cyber insurance and the availability and applicability of products such as social engineering fraud endorsements and computer & electronic crime riders.
While there are a number of ways in which companies can improve security, the thing that really matters the most is having a resilient and vigilant approach. CRE companies’ monitoring systems should work 24/7, with adequate support for efficient incident handling and remediation processes. Remember, creating a secure smart building infrastructure means changing and keeping abreast of policies, technologies and attitudes.
Establishing robust processes, procedures, and education within the organisation will go a long way towards improving cybersecurity. As part of an effective cyber risk management strategy, CRE companies need to build strongly on both their detection and response capabilities for potential cyber threats.