The COVID-19 pandemic has upheaved nearly every business around the globe—especially commercial real estate. As lockdowns were enforced and businesses began to shutter brick and mortar locations, leaving employees working remote, property owners were faced with a difficult reality. As society slowly returns to an altered state of “normal,” property owners are rethinking their business practices—how to host virtual showings and redefine lease structures. But, most importantly, they should be thinking about cyber security.
Having a remote or hybrid workforce is no longer a “trend” that will die out when the pandemic is under control. This will continue into 2021 and beyond, as employees value the flexibility and safety it affords. As property owners and managers adjust staffing and scheduling to fit this new model, more questions about cyber security arise – how secure are employees’ home connections? Do they have the bandwidth to manage their workloads? What about VPN licenses—are owners selecting the right ones for optimal security?
More sophisticated attacks, more attack space
The “crown jewels” of a company’s data—like PPI, health records, financial information and more – are now lingering on laptops and personal computers connected to employees’ home networks. Those in hybrid environments—splitting time between the building and home offices—also are at risk, with vulnerabilities more exposed due to long building vacancies. With the potential for threats on both the home front and within building networks, owners and managers need to find better security solutions without affecting productivity.
While CRE businesses have always faced certain cyber security challenges, this environment has made them more pronounced than before. The targets are much “softer,” increasing the risk of ransomware and other cyberattacks, which have become highly sophisticated over the years. Owners and managers need to be more prepared than ever to fend off these attacks and understand that security is the key to protecting their business.
The Basics of Cyber Hygiene
So, what can property owners and managers do to enhance their cyber security? At a high level, there are several basic cyber hygiene regimens businesses should implement and maintain on a regular basis for enhanced security—both at the home “office” and for those back working in their buildings.
When working remote, there are several steps owners/managers need to communicate with their employees to keep their operations protected:
- Ensure home networks are secure – if employees are handling sensitive information from home, they need to have strong network security.
- Have default passwords and accounts on home routers changed frequently – rotating these on a regular basis will help thwart attackers from getting inside the networks.
- Limit who has access to information – make sure no one outside the assigned team members has access to sensitive information.
- Keep home smart devices on a separate part of home WiFi – employees should be thoughtful where they put their devices. Keep home and business devices on separate parts of home WiFi networks to limit the chance of an attack.
- And the most basic of these steps is continuing to lock computers – being at home more frequently means your computer is exposed to kids, pets, roommates, etc. Locking computers with a password helps prevent the accidental email or opened attachment.
Companies bringing employees back to the building in hybrid situations have a few additional procedures to follow:
- Always use multi-factor authentication – this provides an additional layer of security and helps reduce risks from compromised passwords.
- Conduct security awareness programs with all employees – walk through simulated phishing campaigns and other exercises to make sure employees recognize the signs of a scam. Remind them not to open suspicious attachments or respond to emails from unknown sources and offer sensitive information.
- Invest in measures needed to operate effective and safe hybrid environments – implement proper, commercial-grade VPNs, not those with free licenses.
- Have offline backups of all data – data stored in the cloud is just as vulnerable, so back it up offline.
Implementing these measures in the real-world isn’t a complicated task, and it’s paying off for CRE customers who make security a priority. A multifamily property owner proactively began bulking up cybersecurity for their property in early 2019—long before the pandemic was on the country’s radar. By having measures already in place, the foundation was laid, and the team was prepared when employees shifted to remote work in 2020. They’ve since been operating successfully, with little to no security disruptions.
Having multiple layers of defense—in their buildings and at home—will enhance cyber security for commercial property owners in their ever-changing workspaces. But with this also comes the need to provide a good end-user experience for their employees. Make sure to communicate and offer staff the support they need to implement these measures—as they won’t have the time or patience to deal with new measures that are too complicated to perform.
And, even if some property owners haven’t taken the initiative to improve their security measures yet—it’s not too late. Utilize your internal IT teams and reach out to a security partner to keep your building and technology safe from bad actors.
Don Goldstein is CEO of 5Q Cyber, a leading cyber security firm serving clients in the commercial real estate industry. Goldstein has 37 years in technology leadership and 22 years of experience in commercial real estate, having served as the CIO and CISO for the world’s largest CRE services company. As CEO of 5Q Cyber, he is responsible for overall leadership and development of the 5Q Cyber team and lines of business.