In today’s ever-changing world, where technology plays a pivotal role in managing and maintaining facilities, the importance of cyber security and data protection cannot be overstated. Facilities management and building technology continue to evolve significantly with building automation systems becoming integral components of modern facilities and the built environment.
These systems offer numerous benefits, from energy efficiency to improved comfort and operational control. However, this increased connectivity also exposes the vulnerabilities of the built environment to threats that could disrupt operations, compromise sensitive data, and potentially endanger the safety of end users.
As buildings and other allied facilities become increasingly reliant on technology and interconnected systems, the importance of cyber security and data protection training for facility management and building personnel is crucial.
The potential consequences of a cyber attack on a building are severe, ranging from compromised building access information to service disruptions, physical damage, and safety risks. Therefore, facilities managers need to understand the vulnerabilities of these systems and take an active role in protecting them.
ISO 27001 is the tool for best practice approach to create an effective management system for information security, cyber security and privacy protection by addressing people, processes and technology. Whether leading or supporting these efforts, facility management professionals are integral to ensuring the safety of people and organizational assets It is crucial to have a strong cyber security and data protection strategy ready so that facilities managers can put it into action when the need arises.
Starting with employee education and awareness, facility managers must also be aware of the assets that need to be protected against possible threats or attacks. They must be aware of and build policies and procedures for guarding the assets.
Creating, evaluating, and maintaining a robust process is essential, which involves including rules for password protection, handling sensitive data, and using portable devices. These simple but powerful steps have benefitted facilities managers in the past and continue to do so, in the pursuit of developing a solid cybersecurity and data protection mechanism.
A detailed risk analysis is highly recommended and may prove to be very beneficial. The steps highlighted below are useful for carrying out risk analysis:
• Establish a baseline for network traffic to identify existing gaps and potential security vulnerabilities related to the Operational Technology (OT) and Information Technology (IT) environment.
• Examine the asset inventory to identify asset connectivity with networks, and identifying existing gaps and potential security vulnerabilities.
Facilities managers are getting more aware of the danger in their OT environment and understand the importance of strengthening their cyber security framework. The awareness comes from the need to reduce to the barest minimum the cyber security risk as OT and IT systems continue to converge. Cyber security and data protection in the digital age has become more paramount than ever, and the built environment is no exception to this.
In concluding, facilities managers, along with experts from both IT and OT, are collaborating in developing and managing effective cyber security policies and procedures to improve the overall facility cybersecurity framework as more internet-connected devices become part of daily facility operations.
Stakeholders are aware that unprotected systems become alluring targets as systems get more complicated and have more complex associated risks. Facilities managers are thus embracing evolving technology to become cyber security-ready to handle evolving digital security risks.
