RECC Tips for Getting Started with Building Cybersecurity

1 Jul 2021 5:00 PM | Anonymous member (Administrator)

Organizations may be just starting their journey or be further along. We offer these tips and suggestions for anyone getting started.*

  • Smart building security should follow the same process patterns provided by US-CERT (Cyber Emergency Response Team), CIS (Center for Internet Security), and NIST. These models all follow a Plan-Do-Check-Act process.

  • Define security metrics for continuous improvement
  • Put cascading security expectations in vendor contracts and audit against nationally/internationally recognized standards
  • Harden field-based devices
  • Ensure strong password management and that no default passwords are used
  • Consider having passwords externally tested for security

Identify – Protect – Detect – Respond – Recover

  • Educate the workforce to be deputies in security. If they receive or see something unusual, they should report it.
  • Keep systems current with security software updates
  • Ensure a properly configured firewall protects the network
  • Segregate corporate networks from BMS networks (IT vs OT separation)
  • Restrict or deny the use of USB flash drives
  • Consider an "assumed breach" model – establish tiered access control, identify choke points, segment assets, and install detection capabilities
* RECC makes no warranties on these recommendations.



© Copyright 2022 Real Estate Cyber Consortium Inc.™ All Rights Reserved. Real Estate Cyber Consortium (RECC) is a 501(c)6 non-profit organization.