Cybersecurity: Is Your Building at Risk?

Last year, I experienced three incidents in which my personal and financial information were threatened. The first occurred after I used my debit card at a neighborhood ATM. The next day, several strange debits appeared on my checking account. I was convinced my debit-card number had been skimmed somehow when I swiped it in the ATM and shared my concerns with my banker as I filled out the forms to dispute the debits, cancel my card and apply for a new one. She told me there was nothing she could do. She wasn’t even interested in contacting the ATM owner in an attempt to protect other users from having their accounts compromised. Basically, I was told to keep an eye on my account and sent on my merry way.

Not more than a month later, I received a letter from my doctor’s office saying the clinic had been broken into and desktop computers that may or may not have contained my medical and insurance information, as well as my social security number, were stolen. The office offered one year of personal credit monitoring, which I accepted. (Fortunately, no red flags have ever shown up on my credit.)

Then, a few months after the doctor’s office break-in, Target experienced its cybersecurity breach. I had shopped there—using my debit card—during the time Target warned credit and debit data might have been compromised. Could I possibly have been a victim of cyber thieves three times in a six-month period? I wasn’t, thankfully, but the worry was exasperating. From my understanding, there’s really no way to truly protect your financial and personal data these days. And, once your information is compromised, the crooks typically are not tracked down or prosecuted. We as consumers just have to be vigilant of our accounts and credit, take immediate corrective action if something happens, and then deal with increased prices and fees to offset these cyber crimes while the thieves enjoy the spoils of their “work” with few repercussions. It’s enough to make a person want to go off the grid!

So what does this have to do with buildings? Turns out building-automation systems (BAS) may be a point of least resistance by which thieves can access the corporate LAN and locate a building’s or company’s “secure” information. In fact, according to the recently formed Cybersecurity Committee of the InsideIQ Building Automation Alliance, an international alliance of independent building-automation contractors, cybersecurity threats are especially a problem for older BAS in existing buildings.

In our “Business” article, two members of the InsideIQ Building Automation Alliance’s Cybersecurity Committee recommend several best practices to protect facilities, businesses and data from the risks of BAS vulnerability.

I discussed cyber threats recently with a high-school friend who is a regional manager for a global cybersecurity firm. His thoughts underscore the fact that your buildings and potentially your customers are under constant threat of cybersecurity breaches: “Building owners and managers should consider any equipment connected to the Internet to be directly under attack,” he says. “As your tenants harden their networks, cyber thieves will simply target a weaker link in the IT chain. Today the weakest link may be third-party IT connections, like HVAC automation. Technology is available to mitigate risk. Don’t be the weak link! Manage the risk, and use the investment to attract and retain tenants.”

About the Author

Christina A. Koch
Christina A. Koch is editorial director and associate publisher of retrofit.

Be the first to comment on "Cybersecurity: Is Your Building at Risk?"

Leave a Reply

%d bloggers like this: