Your browser is out of date. The site may not function correctly. Please update your browser.

Five ways facilities managers can tackle hidden cyber risks in building systems

Published:
Read Time: 4 mins

Facilities managers are being warned about the hidden cyber security risks inside their building systems because of new technologies which are moving at a rapid pace.

According to the latest UK Government Cyber Security Breaches Survey, 43% of businesses reported a cyber security breach within the last 12 months, while the number of businesses which have adopted advanced controls like two-factor authentication (47%) and user monitoring (30%) remains low.

Facilities managers have been quick to embrace new technology and benefit from its enhancements, including Building Management Systems, access control and CCTV, which are becoming interconnected by digital platforms.

David Robinson, head of cybersecurity at Restore Information Management, says there are hidden cyber risks within digital building systems which facilities managers need to account for to increase security.

He said: "Many building systems still rely on default credentials straight out of the box. If these credentials aren't changed, cyber criminals can gain access to critical systems with relative ease.

"As today's digital building systems become more connected and cloud-based, facilities managers are chasing systems that are evolving quicker than they can protect them. Without the right controls, attackers could cause disruption in building systems and the organisation's wider network."

Here are five tips from David Robinson on how facilities managers can take control of their building technology to reduce cyber security risks.

1.   Know what systems you have and how they are connected

It is crucial facilities managers know what building systems they have and how each one is connected. A simple way of doing this is by keeping a protected inventory of each system that is either networked or remotely accessible, including who supplies the system and how the access is provided.

This is the first step to improving your baseline security and protecting your business from advanced cyber criminals, who, once they have access to a system, can go anywhere in that network.

Do not leave this itinerary to your IT team. When building systems fail. everyone notices it immediately - and staff will turn to the facilities management team first for help.

2.   Eliminate shared logins and default passwords

On the surface, shared logins and default passwords are easy to remember and convenient. In reality, they’re one of the most common weaknesses in an organisation’s cyber security.

Facilities managers should ensure they have a password policy in place. This could include changing passwords every three months, reducing the number of employees who know the passwords, or changing passwords and logins every time an individual leaves the workplace.

It’s important to be proactive about password policies and not just rely on making changes when someone forgets their login.

3.   Tighten controls

Facilities managers need to do their due diligence when it comes to remote access and control. The best way to do this is by taking ownership of who has access to what and for how long.

Carry out a monthly in-house audit of contractors who have had access to a building, whether they were admitted into the building by an employee or whether they had access themselves, whether their work is complete or not. If it is complete, access should be changed so they no longer have any company knowledge.

It’s a good idea to do a similar audit with employees and regularly check whether anyone has left the business, what they had access to, and to update these access routes to prevent external exposure.

4.   Separate systems

It’s important building network systems are separated from corporate IT networks. In the event of a security breach, separated systems mean the breach will be isolated to that one network rather than the entire organisation.

Facilities managers should liaise with their IT team to push for that separation if it doesn’t already exist. Managers have the chance to be proactive and push for change in legacy systems, and this is an important one they should make.

5.   Make cyber security your responsibility

Facilities managers need to have a proactive approach to cyber security and should engage with the IT team and across their entire organisation. Hold awareness training for all employees and teach them about the real-world consequences of a building system cyber-attack such as doors failing, areas being unlocked, heating and cooling systems being disabled and CCTV feeds becoming unavailable.

Make sure everyone knows they have a part to play when it comes to cyber security and protecting the business.

For more information, visit: https://www.restore.co.uk/informationmanagement/

Ends

Editors notes

Restore Information Management is the largest UK-owned provider of information management services, specialising in secure physical document storage, digital transformation and data management.

Its solutions help organisations protect, transform and access their information seamlessly and efficiently. With a strong focus on innovation and customer-centric delivery, Restore Information Management enables businesses to streamline operations and remain competitive in a fast-moving digital landscape.

Restore Information Management is trusted by more than 6,000 clients across the UK, including more than 80% of NHS trusts. It is also a recognised leader in ESG, achieving a CDP ‘A rating’ in 2026, placing it in the top 4% of businesses in the UK for carbon reduction.

https://www.restore.co.uk/informationmanagement/

Building access

Building access

More  Download

Credit: Huum

David Robinson

David Robinson

More  Download

Credit: Restore Information Management

Cameras

Cameras

More  Download

Credit: Jakub Zerdzicki

Restore Information Management team

Restore Information Management team

More  Download

Credit: Restore Information Management

CCTV

CCTV

More  Download

Credit: Jan Van der Wolf