Weekly Briefing

Special Series: CRE Leaders Examine Growing Cybersecurity Concerns During Coronavirus Crisis

Exponential escalation of cybersecurity threats during the coronavirus pandemic is immobilizing some industries. The new normal requires evolved cybersecurity crisis management to protect organizations. Part III of Realcomm’s continued CRE coronavirus coverage featured Wells Fargo, Oxford Properties and 5Q Cyber’s cybersecurity planning for critical building infrastructures and effective remote work environments for Commercial and Corporate Real Estate professionals.

Acceleration of Cyber Threats

While cybersecurity threats are nothing new, the mass transition to a work from home (WFH) business model poses increased cyber threats targeted at individual and enterprise vulnerabilities during the COVID-19 pandemic. Realcomm’s cybersecurity webinar cited multiple instances of cyberattacks:

  • The number of coronavirus-related spear phishing attacks (targeted email attacks sent to specific, well-researched victims) has quadrupled in less than three months. A recent Barracuda Blog revealed increases in: scamming (54%), brand impersonation (43%), blackmailing (11%) and business email compromise (1%).

  • An FBI Public Service Announcement confirmed the rise in coronavirus-related email fraud that includes charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines and fake testing kits.

  • Zoom, a leading video conference platform serving over 200 million users, has become a target for “zoombombing,” a form of organized harassment and abuse from uninvited participants. Amidst the coronavirus crisis, Zoom also has received scrutiny for load-shifting some North American calls through China, a country with vastly different privacy and security laws. New York City recently banned Zoom usage for schools, citing security concerns.

The onslaught of cyberattacks in the COVID-19 era is detrimental to many companies that responded quickly to redistribute central workforces, with little time for planning and deploying WFH strategies. This is especially true for small-to-medium organizations with less capital and fewer resources at their disposal. CRE organizations responsible for the physical security and cybersecurity of occupants and tenants face an additional layer of complexity when adapting to and keeping pace with growing threats.

Securing WFH Environments

The critical difference between WFH and office building cybersecurity is IT infrastructure. Mature processes and corporate IT protocols keep commercial buildings secure. Most WFH scenarios lack such infrastructure. David Sulston, Director of Security, National Programs at Oxford Properties, frames the CRE question: “How do we ensure our business conversations we’re having over IT networks are as secure as those in the building?”

At-home protocols must align with corporate safety guidelines, including secure VPNs and up-to-date hardware. Wells Fargo follows a well-established cyber and corporate protection program encompassing both IT and OT technologies, devices and procedures. The program extends to WFH environments. Charles Meyers, SVP & Chief Technical Architect at Wells Fargo, emphasized the importance of secured connections and high-quality, standardized equipment: “Key executives should have a hardened laptop issued by their workforce. They must have an encrypted hard drive as well.”

Equally important, WFH cybersecurity hinges upon continued communication, education and access between remote employees and IT teams. Help desk protocols need clear reporting infrastructures for immediate at-home help.

Building Systems and Physical Security

Not all buildings have shuttered their doors during the coronavirus crisis, nor are all employees working from home. For essential businesses and services, some commercial and corporate sites must remain operational with reduced (but critical) staff. Lacking full resources, security technology must provide a comprehensive lens into building activity at all times. “Buildings don’t go dormant,” Meyers said. “They need secure connectivity.”

“There’s really clear symmetry between the physical and cyber worlds,” Sulston explained. “Empty buildings don’t have people pointing out abnormal behavior. Similarly, when a system is compromised, we don’t have the boots on the ground to point that out.”

The best security teams leverage technology that identifies vulnerabilities and confirms essential physical and remote access. Cybersecurity and physical security require continuous review of process and protocols. Whitelisting all service providers’ systems ensures they undergo the same scrutiny as the organization’s.

“The risk is huge because it’s not just the building that might be compromised,” Meyers stated. “Points of vulnerability become pivot points for malware that can jump over to the corporate network and compromise the building network itself. A systematic data compromise means you can have it and not know it months in advance.”

Strong systems inventory, endpoint protection and information access are key to building and employee safety in any contingency. But crisis management is much more than responding in the moment. Organizations must prepare for a return to office space that remained unused for months.

For example, when technology is turned off, how will software patches be addressed? 5Q Cyber CEO Don Goldstein asked, “Is it automatic? If no one’s in the office, is Wi-Fi active or shut down? Lower-cost security measures or dependence on third-party options may be sub-optimal, especially if the incidence response plan has never been tested.”

The new normal is raising a lot of questions and creating ample opportunity for collaboration and communal support.

Get Help and Share Resources: The Real Estate Cyber Consortium

Establishing new protocols, sharing best practices and relying on the CRE community are increased priorities in COVID-19 response. Meyers expressed that shared insights are paramount for smaller companies and remote workers: “We need recommendations for the common individual, improvements to simplify things. We require a standard for people to have a secure network and separate their personal or their kid’s traffic from work traffic.”

Members of the CRE industry are rallying around an initiative to provide professional cybersecurity support through the Real Estate Cyber Consortium (RECC). The RECC was formed in 2018 to elevate awareness of and address industry-wide cybersecurity threats. The consortium aims to align the development, deployment and ongoing support of building technology solutions with a core set of security principles and standards.

“This is a time for compassion and to help each other in our community,” Goldstein said. “The RECC is an opportunity for information to be disseminated in a meaningful way, a place where people go to get and offer help.”

Interested in the RECC? Join the LinkedIn Group. To receive RECC Best Practices and Guidelines (available to industry stakeholders) contact recc@realcomm.com.

Realcomm’s Coronavirus Special Series “Real Estate, Coronavirus and Business Continuity Planning” features four webinars and news articles in the Weekly Briefing.

Tina Danielsen, Sr. Writer, Realcomm
Tina Danielsen is a corporate writer, editor and business owner, specializing on the topics of technology and business management. She is a former executive in the printing industry, with an extensive background in sales management and marketing. Tina has over 25 years of experience in project management and professional outreach in multiple business environments.
