CRE Trends: Limiting Exposure to CRE Cyber Risk
By: Mandy Brown
The underlying question for cybersecurity in the workplace is no longer “will you be hacked?” but rather “when will you be hacked?”
As real estate organizations respond to the demand to be interconnected and embrace technology in their developments and within their organizations, they are also exposing themselves to ever-increasing and sophisticated cyber risk.
Building developments need to consider the infrastructure required to protect companies within their buildings in order to best compete in the marketplace.
One of the problems with cybersecurity is simply that most professionals do not know exactly what it is in practice. At a recent panel session at Commercial Real Estate Conference 2016, speaker Robert Entin, executive vice president and CIO at Vornado Realty Trust, has seen in recent years companies that are unaware they have even been hacked until a law enforcement official notifies them six to 12 months after the incident occurred.
How does that happen? Entin explained that these malicious hackers use sophisticated phishing attempts to gain access to sensitive information inside or outside the network. Adam Thomas, principal, Deloitte, said that nine times out of 10 it is an employee clicking a suspicious link and unknowingly providing their credentials to the hacker.
Both speakers agreed the best way to protect your company from a security hack is to give employee awareness training. This might be the best form of protection. It gives employees the knowledge to recognize when they are being phished.
With the new age of technology and mobile way of working, cybersecurity measures should be taken on all platforms. MDM (mobile device management) software should be enforced to help monitor the activity if any employees are accessing company information on their personal device.
Although many people think that a firewall is the best form of protection for personal computers, it is really only 30-40 percent effective. Malware can stay undetected in the background of the computer and wait for employees to enter sensitive information to steal.
This issue is critically important to the commercial real estate market because sophisticated identity theft and fraud is taking on a new form of attack by targeting the buildings themselves.
Building systems, such as telephone services and systems, fire alarms, heating – anything that is now kept electronically is vulnerable. Entin says the protection for these types of networks functions in the same way as email cyber breaks, since it is controlled digitally. Thomas mentioned cyber insurance needs to be evaluated properly for the use and needs for each company.
Information stored in “the cloud” is no less vulnerable. Just as technology and buildings need a security plan, protecting cloud-based systems requires review by the IT or security teams to make sure all precautions are taken to protect sensitive information.
Image courtesy of Business Rewritten
[Editor’s Note: SmallGiants recently contributed live blogs during NAIOP’s Commercial Real Estate Conference 2016 held September 26 – 28, 2016 in Scottsdale, Arizona. This series highlights trends in the commercial real estate industry. These are re-published with permission from SmallGiants.]