Connected FM: A Blog by IFMA

6 Steps to Enhance Building Cybersecurity

Written by Rishit Lakhani | Nov 19, 2024 3:15:00 PM

In today's digital age, building management systems are increasingly connected and automated. While this brings numerous benefits, it also exposes our facilities to new cybersecurity risks. As those responsible for managing these systems, we must adapt our skills and strategies to protect our buildings and their occupants from digital threats.

The Evolving Landscape of Building Management

Gone are the days when building management was solely about bricks and mortar. Now, we're dealing with a complex web of digital systems controlling everything from HVAC to access control. This shift brings efficiency and comfort but also new vulnerabilities.

Understanding the Risks

Before we can defend our systems, we need to understand what we're up against. Here are the key vulnerabilities in modern building systems:

  • Building Management Systems (BMS): These central hubs are prime targets for hackers.
  • IoT Devices: Smart thermostats and security cameras often have weak default settings.
  • Legacy Systems: Older equipment may lack modern security features.
  • Third-party Vendors: External partners might not follow best security practices.

A breach in any of these areas can lead to service disruptions, financial losses, and reputational damage.

6 Steps to Enhance Building Cybersecurity

1. Conduct Regular Security Audits

  • Assess all connected devices and networks regularly.
  • Include third-party managed systems in your audits.
  • Identify and address potential weak spots promptly.

2. Implement Network Segmentation

  • Create a separate segment for your IoT devices
  • Limit communication between segments to contain potential breaches.

3. Strengthen Access Controls and Authentication

  • Use strong, unique passwords for all systems and devices.
  • Implement multi-factor authentication where possible.
  • Adopt a zero-trust approach: verify every user and device, regardless of location.
  • Regularly review and revoke unnecessary access permissions.

4. Keep Systems Updated

  • Ensure all systems and devices run the latest software versions.
  • Prioritize security patches and updates.

5. Educate Your Team

  • Provide regular cybersecurity training for all staff.
  • Focus on recognizing phishing attempts and the importance of password security.
  • Foster a culture of cybersecurity awareness.

6. Develop an Incident Response Plan

  • Create a clear, step-by-step plan for responding to cyberattacks.
  • Include contact information, containment strategies, and communication protocols.
  • Regularly test and update the plan.

Related Article: How Facility Managers Can Defend Operational Technology in Commercial Buildings

Bridging the Gap: IT and Facility Management Collaboration

Effective cybersecurity in building management requires close collaboration between IT and facility management teams. Here's how to foster this partnership:

  • Regular joint meetings to discuss cybersecurity concerns and strategies.
  • Cross-training sessions to increase mutual understanding of each team's challenges.
  • Collaborative development of cybersecurity policies and procedures.

Looking to the Future

Cybersecurity in building management isn't just an IT issue—it's crucial for ensuring our buildings are safe, efficient, and resilient. By implementing these practical steps and fostering collaboration between IT and facility management, we can create a strong defense against digital threats. Remember, cybersecurity is an ongoing process. Stay informed, stay vigilant, and don't hesitate to seek expert help when needed. Together, we can ensure our buildings are ready for the challenges of the digital age while maintaining the highest standards of safety and efficiency.

 

Editor's Note:  Rishit Lakhani is a seasoned Solutions Engineering Leader at Nile, with over a decade of experience in enterprise networking and a proven track record in designing and deploying large-scale, high-performance networks. His expertise spans wired and wireless networks, cloud technologies, network security, and SD-WAN solutions. Rishit holds a Master’s degree in Telecommunications Technology from Rochester Institute of Technology and a Bachelor of Engineering in Electronics and Telecommunications from the University of Mumbai.

 
View full post