BOMA: Building Owners, Building Managers, Cybersecurity & You
April 25, 2016 Published by Rajesh Goel
Recently, Brainlink had the honor of presenting for the BOMA/NY (Building Owners and Managers Association of NY) on the topic of cybersecurity. Addressing the question “How Vulnerable Are Your Building & Company Operations?”, the breakfast panel featured Todd Januzzi, CIO Paramount Group; FBI’s SSA Albert Murray, and Brainlink founder Raj Goel.
Attendees were provided with valuable education and resources on the threats that impact Building Owners/Managers/Contractors and Vendors. Some of the main threats that you should keep a lookout for include:
- Ransomware: No doubt about it, this variety of viruses (as well as Trojans) have been grabbing headlines recently. From hospitals to police departments, to law firms, to construction firms, contractors and others, Cryptowall, Cryptolocker, Locky, etc. have been busy making our lives miserable, and the criminals richer.
Albert advised attendees that they should never pay ransoms, as it only encourages the bad guys to target them again. Todd and Raj reiterated that companies must have onsite and offsite backups as a primary defense against this hacking method.
- Free Wi-Fi: Given how many companies offer free or guest Wi-Fi on their premises, and how many executives use free Wi-Fi on the road (whether at a hotel, at Starbucks, or otherwise), the panel was unanimous in its recommendations:
- If you offer free or guest Wi-Fi, segregate it from your network.
- Do not use hotel or free Wi-Fi when traveling.
- Using your phone as a hotspot or issuing Wi-Fi devices is safer.
- Business Email Compromise (BEC) and Phishing: Criminals are targeting companies with well-crafted, properly spelled emails that tell the CFO, Finance or Accounting staff to send hundreds of thousands to millions of dollars overseas.
Todd explained how important it is to educate your staff about cyber security threats & BECs because the first line of defense against this cybercriminal methodology is awareness. His company uses a low-cost third-party to train his staff on cyber security. He also recommended testing employees by sending them phishing emails on a regular basis.
Albert reported that this is one of the FBI’s ongoing priorities because it’s costing US businesses a lot of money. Raj reiterated that the estimated damages costs of BECs and phishing campaigns are in the billions. He further recommended that companies and individuals should implement secure banking practices with their financial institutions:
- Setup SMS and email alerts on transactions over certain dollar amounts
- Require dual-voice verification for large transactions
- Do not let your bank off the hook
- Vendor Management and Weak Passwords: Todd considered this to be a high-priority issue, as most vendors come on-site and install their products, but don’t really understand security. At his firm, they have implemented segregated networks, so that their corporate network is physically isolated from building operations. He also strongly recommended that companies identify each piece of hardware in order to get rid of any old equipment: routers, switches, etc., anything that was installed years ago and doesn’t have clear ownership.
Albert recommended that attendees be sure to change default passwords on equipment, and to remember to patch and update systems frequently.
Raj recommended securing DVR/camera systems, requiring vendors to manage patches and updates, and reviewing vendor contracts. Not every vendor is qualified to manage cyber security; remember, Target was breached through their heating & AC vendor.
- Personal and Home Safety: Raj reminded the audience to protect their homes just as they would a small business because the average BOMA attendee is within the global 1% and thus, a target for every criminal looking to make a quick buck.
Treat your house as a small business that’s worth $500,000-$2 million in revenue; between your household income, your house’s sale value, and your financial assets, you’re likely somewhere in that range. Employ corporate grade firewalls, separate the kids’ devices from the parental network, and most importantly, set up a separate guest Wi-Fi network. Think of it this way: You keep your guests out of your bedroom, personal files and bank accounts in the physical world, so why would you do any different with your sensitive data?
- Physically segregate your networks
- Update machines and employ stronger passwords on a regular basis
- Do not assume that your vendors are automatically capable of managing cyber security
- Be wary of “smart” devices – most of them have stupid security
- Practice secure banking and train your staff and kids to do the same
- Read my BOMA slides and real-world case studies at http://brainlink.wpengine.com/boma-ny-seminar/
Have you settled for limited support from your IT consultant? Do you want to experience the productivity increase that our people-first focus offers? If so, call (347) 460-2238 or email us at firstname.lastname@example.org to get comprehensive, full service for your technology and your employees today.