With the rise of Proptech, buildings are becoming increasingly interconnected through networks and IoT devices – and generate vast quantities of data. While this data can improve facility operations and efficiency, it also introduces big security risks if not properly safeguarded.
Consider the following scenario: Unauthorized individuals have managed to gain initial access to a system and gradually escalated their privileges through careful maneuvering, thus obtaining increasingly broader access to systems and sensitive data.
Why is cybersecurity a question for buildings?
Every organization today stores sensitive data in some form or another. Smart buildings require building owners to understand the organization's data security needs as operations move to the cloud. Building systems are also collecting and storing more data than before – becoming even more attractive to attackers.
"It goes beyond the mere loss of data or the immediate financial impact of mitigating or containing an attack. The true reality is far more complex, and every organization must recognize the combined risks associated with reputational damage. Such damage can not only jeopardize new contract opportunities but also impact existing contractual agreements," says John-Helge Gantz, Information Security Manager at Kiona.
"Moreover, the consequences of non-compliance with or breaches of data protection regulations can have a profound and lasting impact on the overall financial sustainability of an organization."
Many wonder what it costs to ensure data security in buildings. While there is undoubtedly a cost associated with implementing security measures, the real question is, what does it cost not to focus on security?
Therefore, building owners need control over who can access data and how it is stored and protected by, for instance, third parties.
Local installation or cloud solution?
One common question when it comes to data security in buildings is whether it is better to use a local installation or a cloud-based solution. The truth is that there is no one-size-fits-all answer to this question. Both options have pros and cons, and the security of each will depend on how well they are configured and maintained.
To compare the two, you have to work on the assumption that you have a local installation that is perfectly configured and a cloud solution that is perfectly configured. In that case, there is no big difference in basic security. It all comes down to how you handle moving from only managing technical equipment to taking on the IT role.
How can you work with security in your facility?
With more than 55 000 buildings connected, we generate several billion data points every day, so it's safe to say cyber security is vital to us.
Implementing access control, using strong encryption to protect data, regularly updating software (and patching vulnerabilities), and training employees on best practices for data security are some of the efforts you should pay attention to at your end.
No solution is more secure than the weakest link
And the weakest link is typically us humans. That's why it's essential to keep access control in mind. This will help ensure that only authorized personnel have access to your building's data and that a breach doesn't come from one of your passwords being found in a leak. To keep the bad guys out, you need a password strategy.
By implementing Multi-Factor Authentication (MFA), you add an additional layer of security. This reduces the likelihood of breaches that rely on human interactions, emotions, and blind trust.
Data processing agreements (DPA)
Data privacy in buildings
The General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA), and other regulations have increased the focus on protecting personal data. And as a building owner who shares data with others, the division of responsibilities must be clear.
With a Data Processing Agreement based on the GDPR regulations, you have a secure starting point for an agreement with a supplier and a good knowledge of how data is handled.
A DPA establishes clear guidelines for a supplier's handling, storage, and processing of data. It ensures that each party understands its responsibilities for data protection and implements security measures to prevent loss or misuse of data.
Minimize risk with regular updates
Finally, it's important to keep your software up to date. Software updates often include patches for security vulnerabilities, so by keeping your software up to date, you can make sure that your building's data is as safe as possible.
Remember to stay aware of your exposure and attack surfaces. When you minimize the organization's exposure, you also decrease the threats and risks it faces.