Back to Blog

cybersecurity

Maximize Cybersecurity in Smart Buildings to Protect Employee and Occupant Data

Image of Richard Miller
Richard Miller

Smart buildings offer tremendous benefits. From energy reduction to increased productivity to better occupant experiences, it’s no wonder smart technology is becoming an essential part of modern buildings. But with increased connectivity and each device serving as a potential point of entry, smart buildings are vulnerable to cyber attacks in ways that traditional buildings are not. 

Cyber attacks can cause significant damages that result in extended downtime and financial losses. But one of the most serious risks is compromising employee and occupant data. Cybersecurity in smart buildings must be a top priority to keep employees and occupants safe and protect the valuable relationships you have with the people in your buildings.

Cybersecurity in Smart Buildings: Common Threats 

As smart buildings become more common, so do the cyber attacks that target them. In 2019 alone, nearly 4 out of every 10 smart buildings were targeted by malicious actors, and that number is only expected to grow. You need to know what you are up against.

Common types of cyber attacks include:

  • Ransomware: Ransomware attacks use malicious software to seize control of systems and extrapolate valuable information before holding the information hostage for payment. Ransomware is typically downloaded to the network by an unwitting user from a website or an email.

    In Austria, for example, a prominent hotel was attacked by cyber criminals who hijacked the hotel’s electronic key system. The attackers sent a ransomware email disguised as a bill to hold the locks hostage until the ransom was paid, leaving guests unable to enter their rooms and disrupting business operations. 

  • Man-in-the-Middle (MITM) attacks: In a MITM attack, the attacker is able to position themselves in the “middle” of two or more users, networks, or computers and eavesdrop on the data being sent back and forth between them.

  • Phishing and spoofing attacks: Phishing and spoofing attacks occur when bad actors send malicious emails that appear as if they are from legitimate sources. They seek to use this trust to obtain sensitive information from the target. Often, phishing emails include a link to a website that will install malware on the user’s device as a way to gain access to the network and data.

  • Denial of Service (DoS) attacks: A DoS attack is when cybercriminals flood systems, services, or networks with traffic/information to overload its resources. This leaves the systems in question unable to process information and complete requests, effectively rendering the system paralyzed.


While hindering operations and demanding ransoms can be a huge blow for business, compromised personal data can be even more damaging. If cyber criminals gain access to employee and occupant data, the repercussions can be personally devastating for the affected individuals. Moreover, the loss of trust can have a profound impact on your business. But there are solutions that ensure strong cybersecurity in smart buildings. 

Preventive Security Solutions for Smart Buildings 

The vulnerabilities created by smart technology may make some people question whether making a building smart is worth it. But with a thoughtful approach and the right tools, you can protect yourself against cybersecurity risks while optimizing the benefits of smart building technology

Buildings IOT’s innovative smart building solutions are secure from end-to-end. The following are just some of the ways we ensure strong cybersecurity in smart buildings:

  • Privately Hosted Data Center Facilities: While we also use public data centers, we make use of fully redundant paths from networks to each private VLAN prevent interfaces or configurations to be shared by any system or user. This leaves no single point of failure between the core of the network and the internet for bad actors to exploit. 

  • Access Control and Organizational Security: Any who touches our data, be it employee or contractor, signs confidentiality agreements before gaining access. Our entire staff is trained on security concerns and best practices for our systems and remote access is via a VPN that uses two factor authentication. BIOT’s products and customer training includes giving you the ability to set appropriate access levels to train everyone with access to the best practices. It’s imperative to nurture the human factor of any system to ensure the right people with the right training have the right access.

  • User Authentication: Our authentication requires building- and role-centric authorization to manage access. 

  • Encryption: All external traffic is encrypted with TLS 1.2+. Transport Layer Security (TLS) is protocol for implementing cryptography and provides secure communication over a network.

  • JSON Web Tokens: By using JWTs, information is transmitted securely between trusted partiers.

  • Dedicated Expertise: Buildings IOT is a leading expert in both SaaS applications and IT/network security solutions. By having experience with high compliance domains, Buildings IOT is able to ensure the highest level of security for your operations. 

  • Zero Trust: Buildings IOT’s ethos is to trust nobody and always verify access to users across all devices. By regulating access to resources, systems, and software, this constant verification process significantly shrinks the ability for bad actors to infiltrate from either external or internal methods. 


At Buildings IOT, we don’t just hand anybody the keys. We have the strongest tools in the industry and set you up for success by providing long-term assistance from our customer success team. This partnership ensures that your operation is as secure and efficient as possible even as your security needs change.

Learn more about zero trust cybersecurity in our Zero Trust for Operational Technologies (OT) whitepaper. Download the whitepaper here.

 

CONTACT US
Image of Richard Miller
Richard Miller

Richard Miller leads Buildings IOT's IT team to deliver managed services to smart buildings from data centers to shopping malls. He writes about cybersecurity for smart building systems, IT/OT collaboration and more.

We're Building Experts.

Our innovative solutions for energy and performance analytics are designed to help you save energy, improve comfort, and enhance overall building efficiency. Want to know more?

Talk to an expert

Contact Us

Get the Newsletter

Related Posts

Why Smart Building IoT Cybersecurity Standards Are Important

Image of Richard Miller
Richard Miller
cybersecurity

There is no single set of cybersecurity standards for the design and installation of building...

Read more

Why Use Open vs Proprietary Protocol in Your Building Automation System Integration

Image of Matt White
Matt White
MSI

Choosing between an open vs. proprietary protocol is a critical factor affecting building...

Read more