Smart Building and Smarter Protocols: Mitigating IoT Cybersecurity Risks in Commercial Real Estate | Pillsbury – Gravel2Gavel Construction & Real Estate Law



From our homes to our workplaces, the deployment of smart technology is becoming more frequent. The Wall Street Journal notes that smart construction companies raised $2.85 billion in venture capital in 2021. In previous posts, we talked about the increasing use of smart technology in commercial real estate, the importance of a thorough and rigorous research and evaluation process, and several factors to consider in smart technology contracts. These evaluation and contracting processes are vital to developing security guardrails that smart technology providers must adhere to. A rigorous, security-focused approach to smart home technology can help protect real estate companies from the catastrophic public relations and financial consequences of a security incident, such as the 2016 Mirai malware attack, which targeted insecure Internet of Things (IoT) devices. The average cost of data breach incidents increases every year, and in 2021, the average cost of a data breach incident was $4.24 million. More than ever, companies must not only be aware of the cybersecurity risks of these technologies, but must take the necessary steps to address their vulnerabilities.

Increased vulnerability
As IoT connectivity increases, cybersecurity risks increase exponentially. Every smart element that enhances the comfort of the building, such as cameras that recognize an employee’s face and hail elevators, air quality monitors, speakers, doors and security systems, presents a point of security vulnerability in the building’s cybersecurity environment. Each connectivity point is one that hackers can target. Remember, hackers only need one entry point: hackers stole 40 million Target credit and debit card numbers through Target’s HVAC contractor in one of the largest known corporate breaches in the history of the United States.

Increased sensitivity
The rise of smart technology poses unique privacy and security issues. What data is being collected, how much and for how long? Does the smart technology solution collect personal contact information and does the solution share this data with third parties? Do devices with cameras collect, store, and share images? If so, how long will the recorded images be stored and where? Will employees have access to this data? How will the company handle children’s images or other sensitive recordings? When it comes to voice recognition, does the device “always listen” and store and share conversations? Individuals are increasingly aware of the reductions in their privacy; however, consumers and employees still have expectations of privacy in their homes and offices. It is imperative that companies know what data is being collected and develop internal controls to manage it while requiring vendors to comply with strict privacy standards.

Companies must also ensure that they collect only the data they need to collect. Too often, a company’s attitude toward data collection can be summed up as follows: collect everything now and figure out what to do with it later. This approach is incorrect. On the one hand, data analysis can provide important information about user behavior. On the other hand, the data collected must also be protected and treated in accordance with a compliant privacy policy. Collecting “too much” data can mean that a company loses sight of everything it is collecting. When companies don’t know what they have, they don’t know what to protect. And forgotten data is often less protected. When hackers attack and consumers are harmed, “we didn’t know we had it” is not an answer that lawmakers, end users, or regulators will accept.

Compliance with regulations
All companies that collect personally identifiable information must comply with state, federal, and international data privacy laws. This regulatory framework becomes even more difficult due to the fact that these laws are in a state of constant change. In the U.S., states are increasingly enacting data privacy laws that create consumer rights and impose security and evaluation requirements on businesses. Companies in regulated industries (such as financial services) face higher security protocol requirements and additional data privacy laws. The regulations may impose on companies the responsibility to protect themselves from non-compliance, whether accidental or not. Businesses should ensure that contracts with vendors require vendors to address security issues as part of a holistic approach to protecting the business and its end users.

Recommendations
This variety of vulnerabilities, sensitivities, and responsibilities may seem daunting, but owners can greatly mitigate their risks through sound security arrangements in their contracts and by perfecting internal operating protocols.

Contractual: To the extent that smart technologies and services are outsourced to third parties, contracts should take into account how the provider will protect the data collected, processed, stored and shared. Contracts should also limit the collection, processing, storage and exchange of data to what is necessary. Make sure that the contracts assign the risks of any possible security breach. Contracts must also describe the steps to be taken by the provider following a data security incident. Consider including audit rights to perform a review of vendor systems before and after any incident. Contractual commitments may result in the provider being liable in the event of non-compliance with data due to defects in its technology, services or security protocols.

Operational: In addition to contractual precautions, companies can implement operational changes to better protect themselves from any possible data security incidents. Businesses should limit the devices that process sensitive information, and limit the access that each connected technology has to the information that is strictly necessary. Devices that process sensitive information should also be moved or isolated to separate networks with higher security controls. Protect access to sensitive systems and applications with multi-factor authentication and limit those with privileged access. Companies should review and update the security protocols they have in place. Think about hiring staff with experience in data security, train employees on protocols, and make sure they understand the policies. The implementation of these operating components may complement the risk mitigation provisions in the contracts.

Smart buildings and smart homes will continue to be on our horizons because, while smart technologies increase the risks to information security, they also allow for operational efficiencies and personal convenience that both tenants and occupants will not be willing to give up once obtained. Implementing and using these innovative technologies and services requires a careful strategy to mitigate these security risks. Ultimately, smart technologies are here to stay, and those who take the necessary steps now will be able to reap the benefits in the years to come.
