In response to buyer and tenant expectations to be competitive in the market, many owners and developers are regularly incorporating smart technologies in their projects. Buyers and tenants also understandably have expectations regarding cybersecurity measures. The risks are real, but they can be significantly reduced with forethought and vigilance.
Identify inherent risks
Smart technologies almost by definition capture and disseminate mounds of personal information. While personal information often is thought of as referring to Social Security numbers, credit card information and the like, identity theft is not the only potential problem.
Other kinds of personal data can also prove valuable. For example, hackers can use smart technologies like thermostats and appliances to learn daily habits and when the property is unoccupied. And, they can gain access to a network and the data that resides there through a single unsecured device.
The results of such a breach can be costly. In addition to reputational damage and increased vacancies, poor security practices can lead to stiff statutory or regulatory penalties and fines, as well as lawsuits. The 2020 “Cost of a Data Breach Report,” from the Ponemon Institute and IBM Security, put the average cost of a data breach at $3.86 million. The figure includes lost business, fines and penalties, detection and response, and notification activities.
Build a strong defense
Some buildings use different technologies that operate in isolation from each other, thereby exacerbating risk. For example, a breach of one technology can go unnoticed by others leaving them similarly vulnerable. Lessons learned in one tool can help protect others. Therefore, building owners and operators need to implement an integrated defense.
A good defense begins with a formal data governance policy. The policy should specify the data to be secured, define what is meant by “secure” and identify red flags (for example, network access from an unusual location) that will trigger alerts that something could be amiss. It also should assign roles and responsibilities related to maintaining security.
It is best to adopt security tools and systems that are designed specifically for smart technologies, rather than trying to retrofit existing defenses. Performing due diligence on vendors is also vital.
Related Read: Get Smart with “Smart Buildings”
Strive for continuous improvement
Make data security an ongoing priority. Policies and procedures, for example, should be updated regularly to reflect the evolving risks and solutions. Those that do not get on board will soon fall behind the competition.
For more information, contact Adam Levine at [email protected] or 312.670.7444. Visit ORBA.com to learn more about our Real Estate Group.