ADVICE & OPINION
COMPLIANCE
TAKE ACTION TO SECURE
SMART BUILDINGS Smart devices are often connected using unsecured internet such as guest Wi-Fi
In association with
in buildings, which makes them vulnerable to hackers. John Archer, Solutions
Director at Backbone Connect explains how to navigate the cybersecurity risks of
smart building technology https://backboneconnect.co.uk
There is a tech revolution happening at our
workplaces. Landlords and building tenants
are investing in an array of smart building
systems, from apps that allow heating, lights
and even kettles to be controlled remotely, to
facial recognition powered security. Facilities
management teams are at the heart of the
shi , using new technology to improve the user
experience and help make workspaces more
productive and e icient. In fact, it’s fast topping
occupant’s priority list – we know for example that
69 per cent of tenants would pay more for tech that
helps them achieve net zero goals and boost sta
wellbeing and performance.
But what many people don’t realise is that the
more smart tech they install, the more vulnerable
their buildings and the businesses working within
them can be to cyber-attacks. As systems become
more complex, facilities management teams need
to understand these vulnerabilities and be aware of
the potential risks, helping to protect landlords and
occupiers’ businesses and reputations.
UNDERSTANDING THE RISK
The first thing to know is that the smart building
industry isn’t regulated. Technology is frequently
installed in a piecemeal fashion, one device at a
time without a wider over-arching framework. Why
does that matter? O en these devices are installed
on guest WiFi networks or connected ad-hoc to
various broadband lines – this becomes a weak point
which hackers can take advantage of to access wider
networks.
At best, this could lead to them wreaking havoc
with internal systems like building access or lighting,
inconveniencing workers and disrupting businesses.
However, attacks are typically far more malicious in
intent, with criminals using the devices as a stepping
stone to steal or ransom data. This can lead to GDPR
breaches as well as significant potential financial
losses and reputational damage for businesses. For
o… ice landlords these attacks can lead to serious
consequences for their portfolios, limiting their ability
to attract new tenants if their buildings are perceived
14 FEBRUARY 2022
as unsafe. They may even be seen as culpable for
failing to secure assets properly. For occupiers
themselves, being the victim of a hacker could
substantially harm their relationships with investors,
customers, partners and suppliers.
Since the pandemic, cybersecurity attacks have
been rising exponentially. There has been a 62 per
cent increase in ransomware globally since 2019,
according to the 2021 SonicWall Cyber Threat Report.
Without su… icient protection against dangers like this,
the very technology which is being used to improve
the workplace experience could actually significantly
damage businesses.
WHO IS RESPONSIBLE?
The good news is that facilities management teams
can act as the first line of defence against attacks
on smart buildings. At design and installation stage,
teams have an important advisory role to play,
encouraging occupiers or building owners to embed
cybersecurity considerations within an overall
technology strategy. This should include setting up a
separate, secure and ring-fenced ‘internet of things’
network which will only be used for smart devices.
For buildings where technology is already installed,
teams should consider conducting a cybersecurity
audit to identify weak points which hackers could
exploit. At Backbone Connect, when we conduct
audits we typically find that it’s the very simplest
measures which get overlooked – teams failing
to change default passwords, create separate IoT
networks or run so ware updates. Ongoing, FM
providers should maintain good security hygiene,
following best practices such as changing passwords,
making sure system updates are installed and keeping
sta… (their own and at tenants’ businesses) reminded
of the dangers of common phishing scams.
Smart buildings are undoubtedly the future. But
this technology also brings new responsibilities for
everyone involved, including FM teams. Consider the
advent of electric vehicles, car mechanics no longer
just have to be experts in engines – they now need
an understanding of complex computer programmes
and electrical systems to keep vehicles running. In the
same way, modern facilities management teams have
to be trained not only to manage the physical needs
of a building and its occupants, but also how to run
and safeguard an asset’s associated smart systems.
Failing to understand the risk smart buildings can
pose for landlords and workplace occupiers could
bring significant financial and reputational harm. FM
providers have a duty of care to clients to ensure they
are ready for and protected against cybersecurity
threats.
TOP TIPS FOR FMS
The steps to safer smart buildings
Assess smart devices within the context of a wider
cybersecurity strategy – if devices are being installed
make sure they are set up on a distinct, secure network;
change default passwords; and ensure firewalls are in
place
Carry out annual cybersecurity audits – third-party
providers will often do this for free
Practice good cybersecurity hygiene – change passwords
often, remind employees of the risks of potential phishing
scams, update systems regularly and be alive to new and
emerging threats
/backboneconnect.co.uk
