Workplaces are becoming smarter, but as we install more tech, we are making buildings vulnerable to potential cyberattacks.
Tenants increasingly want digitally-enabled spaces to support their corporate, commercial, and ESG goals, and the commercial office sector is responding – from smart sensors which allow energy use to be monitored, to security systems powered by facial recognition technology. But each new system creates a potential weak point that cybercriminals can exploit.
At best this could see attackers disabling security functions, heating, digital connectivity, or lighting, causing significant disruption for tenants’ businesses. More worryingly, hackers can use smart devices as a stepping stone to access confidential data which they can then steal or ransom. Attacks can come from multiple sources, for example, the UK’s National Cyber Security Centre was recently warning businesses that they may be targets of malicious activity by Russia.
Whatever the motivation, the implications of cyber assaults can be far-reaching - from GDPR breaches to financial loss and reputational damage for both tenant and landlords’ businesses, harming relationships with investors, customers, partners, and suppliers. For asset owners, attacks can have long knock-on effects on their ability to secure leases if tenants perceive their workspaces as unsecure. Cyber security hasn’t traditionally been seen as landlords’ responsibility but now they need to understand how to protect their assets and their tenants. If not they could face serious consequences.
What can be done?
A rigorous approach to cyber security needs to be front and centre of asset managers’ and landlords’ technology strategies. The first step is to ensure smart systems are procured, installed, and secured effectively.
Landlords should be aware that the smart building industry isn’t regulated. This means that providers aren’t required to follow a consistent code of conduct, and technology can often be installed in an ad-hoc fashion. Common errors include devices being connected to guest WiFi services, creating an easy access point for hackers to gain entry to other building networks. Systems should always be installed as part of a wider, coherent ‘internet of things’ strategy, with devices connected to segregated IoT data networks and using separate secure internet lines.
Ongoing, landlords must ensure their building management teams conduct regular cyber security audits to identify potential new weak points. Third-party specialists will often perform these checks for free and can offer advice to resolve any issues.
Building management teams must then act on the findings. Aside from keeping devices on separate networks, building managers must be well versed in good cyber security practices, including consistent updates, phishing awareness, and regular password changes.
With great tech comes great responsibility
Technology is becoming an increasingly crucial part of leasing strategies for commercial property. What landlords need to understand is that this shift brings with it a new set of considerations to ensure tenants and their businesses can operate safely and effectively.
In 2022 this means looking beyond the physical fabric of buildings. Landlords and asset managers must now be literate and competent in the risks, challenges, and skills associated with the use and maintenance of digital infrastructure. Cyber security checks should be as routine and expected as energy efficiency checks or electrical safety certificates for the modern workplace.
Smart Building Cyber Risk Assessment
Our Smart Building Cyber Risk Assessment is a 360-degree review of your physical environments, hardware and IoT, platforms and data, and partners. From the assessment, you’ll:
• Pin point smart building weaknesses
• Reduce the threat of cyber attacks
• Protect your reputation, investors, and occupiers.