5 tips for Facilities Managers to secure their buildings from cyber attacks

June 17, 2022

There is no denying the way forward for optimal building management is via digitisation and data. Technology should remain central to a building management strategy to maximise the effectiveness of assets and teams. This doesn’t, however, require opening the door to cyber attacks. Digitised assets should and can be protected.

While attacks on building systems are an escalating threat, building owners and managers can mitigate and defend against the risks. With the number of connected devices being deployed, it’s critical that building managers are aware of the risks they face. Attacks on building systems in Australia have not yet become prevalent, but they are not unknown.

There are recent reports of cybercriminals targeting the property and real estate sector. In May 2021, The Sydney Morning Herald reported that Domain was warning its customers to remain vigilant when searching for properties, following a cyberattack that managed to access personal data and demand deposits.

At CIM, we have a deep understanding of cyber security principles with a highly experienced technology team, regular independent audits and a comprehensive set of policies. We are proud to wholly satisfy the requirements of customers with even the most stringent of security protocols.

Along our journey, we have developed deep insights into the core tenets of cybersecurity. To summarise, here are some bite-sized tips for securing your building’s data and systems:

1. Cyber awareness training

While the way attackers appear may seem to change, the reality is most employ the same tools. Teaching employees not to open attachments or links without verifying the sender, ensuring emails are being sent from trusted sources and not to visit websites that look suspicious is a good start. But also encouraging positive behaviours with identity management such as not using easily guessed passwords (an enterprise password management platform can help) or reusing passwords.

2. Use an established and trusted cybersecurity framework

Cybersecurity is rapidly maturing which means many of the challenges the building industry faces aren’t new. Other industries have faced many of the same issues and have developed tools and frameworks to assist with implementing a robust cybersecurity strategy for the built environment. Three that are widely used include: The Essential Eight, NIST and ISO 27001.

3. Assess your risk

An enterprise vulnerability assessment that considers your property’s systems, data, access privileges, and policies in place is essential. Not all security threats apply equally to all industries. It’s important to assess the risks that matter to you and then develop a remediation plan to achieve an effective cybersecurity posture.

4. Constant vigilance

Monitoring both your physical and digital environment for anomalous activity is crucial. While you can take all possible preventative steps, it is still possible for a determined attacker to breach your defences. Constant monitoring of your property’s IT and Operational Technology (OT) environment is crucial for quickly detecting and responding to attacks before they escalate and seriously impact your building’s operations.

5. Work with trusted partners

If your internal cybersecurity capability is limited, you can work with established cybersecurity experts to ensure you have the right prevention, detection and recovery processes and systems in place.

The same goes for building analytics. It’s important to partner with a provider that is reputable and has gone through the correct checks and balances. CIM takes information security very seriously. In accordance with industry best practice and to comply with numerous compliance regulations, CIM has implemented a number of strictly met cybersecurity policies and procedures including independent assessment and penetration tests.

Further, data from the buildings we have on the PEAK Platform is captured using secure protocols via a single hardware device connected to the Amazon Web Services platform. As such, we have the backing of their highly secure cloud security network.

Cybersecurity is a serious risk for all businesses. In a building, a cybersecurity breach can result in a loss of access to a building, equipment damage or the loss of critical information. Putting effective steps in place can mitigate the risk of an attack and minimise the damage should a breach occur.


See how CIM’s PEAK platform can continuously monitor multiple building data sources and generate actionable insights, safely and securely.

CIM Team
June 17, 2022