Commercial building employees are now steadily heading back into their offices, plugging in after a year-and-a-half of remote work. Many of these buildings were left mostly unattended as workers keyed away at home, leaving networks and IT assets inside, vulnerable to security dangers.
Unfortunately, with less people and security teams in buildings to report suspicious behavior, incidents can occur more easily. It’s simple for malicious individuals to pose as an employee who forgot their access key to make their way in and find assets available under their fingertips. Our Cyber team has found items like sticky notes containing passwords or open notebooks with sensitive information displayed on desks unattended – showing how easily the information could slip into the wrong hands.
If you and your employees are settling back to in-person or hybrid work schedules, you should be aware of the potential cyber and physical security threats looming. These include:
Unwatched, unmanaged, and unmonitored IoT devices
Out-of-date operating systems and building automation system software with unchecked ransomware/malware
Failing hardware
Lost or misappropriated access cards
Unmonitored network connections or connections to amenity/guest networks (which allow access to intruders from the inside)
Unknown Advanced Persistent Threats (APTs) in the network
Unlocked doors or access points, offering opportunities for equipment containing sensitive data to be stolen
Unmanaged building system maintenance requirements – such as elevators, HVAC or plumbing, which can cause water damage or pose environmental and fire risks
Users bringing laptops to the office that have been connected to unprotected home networks with other devices
Outdated access control systems that do not employ PUF (physical unclonable functions) or encryption
The use of personal computers or other devices that are not patched or properly protected
To protect your assets and keep employees safe, we recommend first implementing a Zero Trust security model in your network to better identify potential threats. It’s also critical to implement strong monitoring systems for the network and have robust change and patch management policies and procedures. To avoid environmental and other physical risks, identify a professional who can walk the entire property and rectify any issues.
If you’re concerned about your building’s cybersecurity as you return to the office, 5Q is here to help. Contact our team of cyber experts to get started.