In part one of our CRE cybersecurity series we discussed the perceived risks associated with IoT and how it’s often thought to lead to compromised cybersecurity. The unfortunate reality is that disconnected buildings are often just as vulnerable to cyberattacks as their connected counterparts, as older buildings can contain units that are internet-active and unencrypted, all without the facilities management (FM) team’s knowledge. In addition, an older BMS can expose your portfolio to information leaks and cyberattacks if not updated to protect against the latest malware.
If you’re not sure how vulnerable your organization is to cyberattacks, the first step should be to execute a comprehensive site audit, including the building network, BMS, all sub-systems, and any IoT devices. Log all previous contractors that have had maintenance contracts and ensure you consistently capture the software they use and how they gain external access to your buildings. Unfortunately, it’s not uncommon for critical systems to be commissioned and deployed from contractor laptops with no handover or internal back up of those files. The audit should therefore include the manufacturer, model, firmware versions, points of external access, usernames, passwords and the locations of all system configuration files.
A comprehensive audit should conclude with a Data Commissioning Report, evaluating the performance of each connected device and sensor. A Data Commissioning Report provides a list of issues that need to be resolved by a controls or network vendor, as well as a summary of the building systems capable of being integrated into a smart building platform. Some common issues highlighted by a Data Commissioning Report include:
While cybersecurity risks are typically hidden in the underlying IT and OT systems, this report should complement your cybersecurity audit, providing a comprehensive list of your sensors, highlighting which are disconnected, miscalibrated or broken.
Completing a site audit will create a foundation for your cybersecurity strategy and further investment into a scalable smart building program. Contrary to what the headlines lead us to believe, embracing IoT technology is key to improving cybersecurity, when implemented correctly. Having discovered your portfolio’s cybersecurity weaknesses, you’ll then need to address them - find out how in part 3 of our CRE cybersecurity series.
Talk to a smart building expert to learn more about how Switch helps portfolio managers reach their sustainability goals.
5 articles found
When it comes to broken buildings and the power of people, operations teams hold the keys to success. Switch empowers businesses to succeed.
Our team shares five core practices derived from IBCON's Connectivity of Things panel to drive optimal portfolio performance.
Here we revisit one of our favorite sessions of IBCon 2018, highlighting IT and OT convergence through the eyes of two visionary leaders at Oxford Properties.
We decided to do some research into the average American's journey to work and brainstorm ideas on sustainable commuting.
When it comes to broken buildings, it’s critical to make a wise investment in the right technology to power your program. Learn how to choose the right tools.
In this second installation of our three-part series, we examine broken buildings and the hierarchy of needs that operators face when managing them.
The future of AI-powered buildings depends on something less exciting but far more important: clean, structured building data.
Most buildings aren't AI-ready — not because they lack technology, but because their data is siloed. Here's the foundation they're missing.
Learn how smart building automation helps Facility Managers reduce costs, gain portfolio visibility, and deliver measurable ROI in 2026.
