How to secure your building’s IT network

IT-service-engineer-working-on-network

Is your building’s IT network at risk from cyber attack? Recent research found over 100 flaws in popular building management and access control systems. Many of the worst flaws only require someone with low level hacking ability to shut down an entire building. It could never happen to your building? Well, one of Birmingham’s largest colleges was forced to close due to a cyber-attack in March 2021.

As you probably know, hackers were able to shut down an entire oil pipeline in America earlier this year. The owners of the Colonial Pipeline paid a £3.1 million ransom to the criminal gang responsible to get the oil flowing again.

So, how do you go about securing your building’s IT network from attack?

Secure your hardware

Modern Networks provide IT services to over 1800 commercial properties across the UK. Over the years we’ve seen all kinds of crazy things such as a brand new server being used as a doorstop. Unfortunately, we often see important network equipment such as routers and switches sitting out in the open, where anyone can tamper with them.

It is essential that all network hardware is physically secure from accidental damage and malicious action. After all, it’s embarrassing and costly to discover your building’s network connection has gone down because someone knocked over the router or unplugged it by mistake. Ideally, routers and servers should be situated in a secure room and placed within locked cabinets.

Don’t open the door to tailgaters

In cyber-security, a social engineering attack is the use of behavioural manipulation for a malicious purpose. For example, phishing emails that try and trick you into giving away passwords, bank details or transferring money to criminals. However, one of the most common social engineering attacks is tailgating or piggybacking.

Tailgating is a physical security breach, where an authorised person unconsciously allows an unauthorised person to follow them into a building or secure area. When was the last time you held the door open for a complete stranger in your workplace? Once a criminal has breached your perimeter security they are free to roam, which is why access control to your network hardware is so important.

Ensure your router is correctly setup

To configure a router, you’ll need to log in, using the default admin name and password. This information is usually printed on the router itself. Once you have logged in to the router, you should immediately create a new username and password. The default credentials are usually something like “admin” and “password123,” which isn’t secure. So, change the router credentials immediately. Be sure to create a strong password using a combination of letters, numbers and special characters.

Don’t get burned by the firewall

A firewall is a security tool used in networks to help prevent attacks from hackers and malware. If you didn’t configure your firewall correctly, it won’t provide optimal protection. The firewall continuously monitors incoming and outgoing traffic on your network. It uses a set of rules to determine what data can come into the network and what can go out. Typically, your router and server will have a firewall installed. However, you might need an appliance firewall to manage your network.

The preconfigured firewall that comes bundled with your router or server might not provide the correct level of security you need. Instead, you’ll need to configure your firewall. Occasionally, the firewall will not be automatically enabled, so you’ll need to switch it on using settings. We strongly recommend that you use an IT professional to setup your firewall correctly.

Update and patch often

You might also decide to install your own firewall software that offers more security features. Either way, before you configure your firewall, it’s important to make sure the router and server firmware is up to date. You will want to make doubly sure your network devices are security patched against known vulnerabilities.

Wi-Fi access for everyone

Today, most commercial properties offer visitors, contactors and tenants Wi-Fi access. But you certainly don’t want your building management team sharing the same network access as the tenants and visitors. Instead, you want segmented access. Segmentation divides your network into smaller parts, which can help with performance and security.

First, keeping your visitors and tenants on a separate network reduces congestion and improves performance. If a tenant is doing something bandwidth-hogging like streaming a film, it’s not going to interfere with your building management system. Second, segmentation improves cyber-security by limiting how far an attack can spread.

Why does any of this matter to me?

As a building manager or facilities manager, you might think why would anyone want to attack my building? Well, your building might have a tenant that is the target of hacktivists, state actors, terrorists, cyber criminals or a lone wolf with an axe to grind. In research by security software provider Kaspersky they found 40% of smart buildings had been the subject of a cyber-attack.

CCTV, paid parking and compliance

Surely, it makes more sense to take some fairly simple security precautions now rather than suffer the inconvenience, costs and negative publicity of having your building locked down. Furthermore, buildings operating CCTV and paid parking systems must comply with data protection regulations such as SCCOP, DPA, GDPR and PCI DSS.

Failure to meet compliance obligations can result in hefty fines. Just two requirements of PCI DSS are you must install and maintain a firewall configuration to protect cardholder data and you should not use the manufacturer’s default password and security parameters. That’s why you need to secure your building’s network.

If you manage a commercial property and want to ensure you have the right IT services and support then contact Modern Networks today.

Contact us

Sources:
Memoori.com
Feweek.co.uk
BBC
TechRepublic

Share this page