In response to buyer and tenant expectations, many owners and developers are now regularly incorporating smart technologies in their projects. But buyers and tenants understandably also have expectations regarding cybersecurity measures. The risks are real, but they can be significantly reduced with forethought and vigilance.
Identify Inherent Risks
Smart technologies almost by definition capture and disseminate mounds of personal information. While personal information often is thought of as referring to Social Security numbers, credit card information, and the like, identity theft isn’t the only potential problem.
Other kinds of personal data also can prove valuable to bad actors. Hackers can use smart technologies like thermostats and appliances to learn, for example, daily habits and when the property is unoccupied. And they can gain access to a network and the data that resides there through a single unsecured device.
The results of such a breach can be costly. In addition to reputational damage and increased vacancies, poor security practices can lead to stiff statutory or regulatory penalties and fines, as well as lawsuits. The 2020 “Cost of a Data Breach Report,” from the Ponemon Institute and IBM Security, put the average cost of a data breach at $3.86 million. The figure includes lost business, fines and penalties, and detection, response, and notification activities.
Build a Strong Defense
Some buildings use different technologies that operate in isolation from each other, thereby exacerbating risk. A breach of one technology, for example, can go unnoticed by others, leaving them similarly vulnerable. Plus, lessons learned in one tool can help protect others. Building owners and operators, therefore, need to implement an integrated defense.
A good defense begins with a formal data governance policy. The policy should specify the data to be secured, define what is meant by “secure” and identify red flags (for example, network access from an unusual location) that will trigger alerts that something could be amiss. It also should clearly assign roles and responsibilities related to maintaining security.
It’s best to adopt security tools and systems that are designed specifically for smart technologies, rather than trying to retrofit existing defenses. Performing due diligence on vendors also is vital.
Strive for Continuous Improvement
Make data security an ongoing priority. Policies and procedures, for example, should be updated regularly to reflect the evolving risks and solutions. Those that don’t get on board will soon fall behind the competition. Contact Abbott, Stringham & Lynch’s Real Estate Group if you have any questions regarding your cybersecurity measures.