In this article, we look at how to improve your building’s IT network security.
Is your building’s IT network at risk from cyber-attack? Recent research found over one hundred flaws in popular building management and access control systems. Many of the worst flaws only require someone with low level hacking ability to shut down an entire building. Do you think that it could never happen to your office building, shopping centre or school? Well, one of Birmingham’s largest colleges was forced to close due to a cyber-attack in March 2021.1
In 2021, hackers were able to shut down an entire oil pipeline. The owners of the Colonial Pipeline paid a £3.1 million ransom to the criminal gang responsible so that they could get the oil flowing again.2
So, how do you go about securing your building’s IT network from attack?
Secure your hardware
Modern Networks provides IT managed services to over two thousand commercial properties across the UK. Over the years we’ve seen all kinds of crazy things such as brand-new servers being used as doorstops. Unfortunately, we often see important network equipment such as routers and switches sitting out in the open, where anyone can tamper with them.
It is essential that all network hardware is physically secure from accidental damage and malicious action. It would be embarrassing and costly to discover your building’s network connection has gone down because someone knocked over the router or unplugged it by mistake. Ideally, routers and servers should be situated in a secure room and placed within locked cabinets.
Beware of tailgaters
In cyber-security, a social engineering attack is the use of behavioural manipulation for malicious purposes. For example, phishing emails that try and trick you into giving away passwords, bank details or transferring money to criminals. However, one of the most common social engineering attacks is tailgating or piggybacking.
Tailgating is a physical security breach. It occurs when a member of staff unwittingly allows an unauthorized person to follow them into your building or a secure area. When was the last time you held the door open for a stranger in your workplace? Once a criminal has breached your perimeter security, they are free to roam, which is why you should keep any on-premise IT hardware securely locked away.
Ensure your router is correctly configured
To configure a router, you’ll need to log in, using the default admin name and password. This information is usually printed on the router itself. Once you have logged in to the router, you should immediately create a new username and password. The default credentials are usually something like “admin” and “password123,” which isn’t secure. So, change the router credentials immediately. Be sure to create a strong password using a combination of letters, numbers and special characters.
Don’t get burned by your firewall
A firewall is a security tool used in IT networks to help prevent attacks from hackers and malware. If you didn’t configure your firewall correctly, it won’t provide strong protection. A firewall continuously monitors incoming and outgoing traffic over your network. It uses a set of rules to determine what data can come into the network and what can go out. Typically, your router and server will have a firewall installed. However, you might need an appliance firewall to manage your network.
The preconfigured firewall that comes bundled with your router or server might not provide the correct level of security you need. Instead, you’ll need to configure your firewall. Occasionally, the firewall will not be automatically enabled, so you’ll need to switch it on using settings. We strongly recommend that you use an IT professional to set up your firewall correctly.
Update and patch often
You might also decide to install your own firewall software that offers more security features. Either way, before you configure your firewall, it’s important to make sure the router and server firmware is up to date. You will want to make doubly sure your network devices are security patched against known vulnerabilities.
Guest Wi-Fi
Today, most commercial properties offer visitors, contactors and tenants Wi-Fi access. But you certainly don’t want your building management team sharing the same network access as the tenants and visitors. Instead, you want segmented access. Segmentation divides your network into smaller parts, which can help with performance and security.
First, keeping your visitors and tenants on a separate, guest Wi-Fi network reduces congestion and improves performance. If a tenant is doing something bandwidth-hogging like streaming a film, it’s not going to interfere with your building management system. Second, segmentation improves cyber-security by limiting how far an attack can spread.
Why does any of this matter to you?
As a building manager or facilities manager, you might think why would anyone want to attack your building? Well, your building might have a tenant that is the target of hacktivists, state actors, terrorists, cyber criminals, or a lone wolf with an axe to grind. In research by security software provider Kaspersky, they found 40% of smart buildings had been the subject of a cyber-attack.3
CCTV, parking and compliance
Surely, it makes more sense to take some simple security precautions now rather than suffer the inconvenience, costs and negative publicity of having your building locked down. Furthermore, buildings operating CCTV and paid parking systems must comply with data protection regulations such as SCCOP, DPA, GDPR and PCI DSS.
PCI DSS regulations, for example, state that you must install and maintain a firewall, which is configured to protect cardholder data. Additionally, you should not use the firewall manufacturer’s default password and security settings. Failure to meet compliance obligations can result in hefty fines.
If you manage a commercial property and want to ensure your building’s network security meets the required standards, then contact Modern Networks today.
Contact us
Sources:
