Cyber security in managed properties

The rise of smart buildings has ushered in a new era of connectivity and innovation for property management companies, landlords, and on-site building teams. From IoT-enabled devices driving energy efficiency to AI-powered systems optimising tenant experiences, technology is redefining the management of commercial and multi-use properties. However, with greater connectivity comes an increased risk of cyber threats. The more integrated these systems become, the more essential it is for property management organisations and their partners to proactively address cyber security challenges.

This article explores the cyber security risks faced by managed property teams, assesses the consequences of potential breaches, and offers practical strategies to protect buildings, their data, and all stakeholders, whether you oversee a single property or a nationwide portfolio. It also highlights the critical role Managed Service Providers (MSPs) play in maintaining rigorous cyber security standards across the real estate sector.

The risks of increased connectivity

1. Data breaches and unauthorised access

Modern buildings generate and manage vast amounts of sensitive data, including building access logs, tenant records, energy management details, and CCTV footage. For property management companies and landlords, protecting this information is paramount. A single weak point, such as an unsecured IoT device or vulnerable system, can provide cybercriminals with entry into multiple assets.

Real-world risk:

Imagine a scenario where access control systems are not properly secured. If these networks are breached, attackers could gain entry to sensitive building areas and tenant data or even disrupt essential operations across an entire management portfolio. High-profile breaches across the sector underline the need for robust cyber security strategies.

2. System vulnerabilities

The interconnected nature of building automation means many assets operate on shared systems and networks. While this enhances efficiency, it also creates single points of vulnerability. A breach in one system, such as HVAC or security, could potentially expose every connected device, putting the entire property or even multiple sites at risk.

Example:

If a smart HVAC control system in a shopping centre is compromised, it could serve as a gateway to surveillance systems and sensitive management data, affecting the broader asset.

3. Operational disruption

Cyberattacks can cause far more than data loss. They can severely disrupt day-to-day operations. For onsite teams and remote managers, ransomware attacks may lock users out of crucial building control systems, causing delays, tenant dissatisfaction, and financial losses for both the management company and the landlord. In extreme cases, an attack may force the complete shutdown of an entire building, rendering it inaccessible for tenants and staff. 

Such incidents can last not just for hours, but potentially for days or even weeks, depending on the complexity of the breach and the time it takes to restore control. This kind of prolonged downtime can halt essential building services, jeopardise safety, and lead to significant operational setbacks and unplanned costs for all stakeholders involved. 

4. Compliance risks

Failing to protect building and tenant information can result in non-compliance with regulations such as the General Data Protection Regulation (GDPR). Breaches can lead to severe reputational harm and significant fines for property management providers responsible for multi-site portfolios. 

The risks of outdated and legacy systems

Many property management companies still depend on legacy systems for core building operations because of high replacement costs or long-standing reliance on these technologies. Unfortunately, these outdated and end-of-life systems often lack vital security features such as regular updates, modern encryption, or vendor support. This makes them easy targets for cyber attackers, since unpatched vulnerabilities and default configurations are well-known and frequently exploited.

Common issues with legacy systems:

• Unpatched software and unsupported vendors: No longer receiving security updates, leaving critical gaps open to attack.
• Difficulty integrating with new security tools: Modern solutions may be incompatible, causing weak points in the overall security posture.
• Minimal visibility and monitoring: Older systems rarely include robust logging or threat detection, making it hard to spot breaches promptly.
• Default or weak access controls: Many legacy platforms use standard credentials or have limited options to harden access.

To minimise these risks, property management teams should conduct thorough audits to identify which assets remain exposed due to legacy technology. It is essential to develop phased plans to upgrade or replace these systems wherever possible. In situations where upgrades cannot happen immediately, additional safeguards such as isolating older systems on separate networks, strengthening access controls, and deploying advanced monitoring should be put in place to reduce vulnerability to attacks.

Why cyber security matters in property management

1. Protecting tenants, landlords, and teams

Property managers serve a wide range of stakeholders, from on-site facility teams and tenants to asset owners and landlords. Protecting the data and the systems these groups rely on is fundamental to maintaining trust, safety, and satisfaction across managed buildings.

2. Ensuring operational continuity

Critical building functions such as access control, lifts, lighting, and environmental controls depend on the integrity of underlying systems. Effective cyber security measures help keep essential services reliable and uninterrupted.

3. Maintaining and enhancing asset value

A strong cyber security reputation makes properties more attractive to owners, tenants, and investors. Proactively safeguarding systems and data can give property management companies a distinct edge in an increasingly digital marketplace. In contrast, a cyber attack causing widespread disruption or data loss can seriously damage a property’s reputation, eroding tenant trust and diminishing its appeal in the eyes of prospective clients and stakeholders.

Cyber security best practices for property management companies

1. Conduct regular risk assessments

Begin by identifying vulnerabilities within both individual buildings and across portfolios. Regular risk assessments help managers and building teams locate weaknesses, whether they are outdated software, default device passwords, or poorly segmented networks.

2. Implement strong access controls

Ensure that only authorised staff, such as selected site teams and management personnel, can access sensitive building systems and data.

Recommended actions:

• Deploy multi-factor authentication (MFA) for key systems.
• Use role-based access to assign privileges by specific job responsibilities.
• Update passwords and credentials on a regular schedule.

3. Secure IoT and building automation systems

Every connected device, whether controlling lighting, access, or monitoring energy usage, should be protected by modern security protocols.

Recommended actions:

• Change all default passwords upon installation of any connected device.
• Keep device firmware up to date to close off known vulnerabilities.
• Segment building automation systems on their own secure networks to reduce risk.

4. Enable continuous system monitoring

Deploy monitoring tools that operate 24/7 to detect suspicious activity. Early detection of issues can help on-site teams and remote management act quickly to prevent or contain breaches.

It is also essential to designate high-level decision-makers who can be reached at any time in the event of a major breach or attack. Their authority ensures that urgent, mission-critical decisions, potentially beyond the scope of an IT manager, can be made promptly to protect assets and operations.

5. Train your on-site & administrative teams

People are often the first line of defence. Provide ongoing cyber security training to all on-site and administrative teams so they can spot phishing attempts, recognise unusual system behaviour, and maintain good data handling practices.

Suggested topics for training:

• Identifying phishing and social engineering.
• Importance of regular system and software updates.
• Secure handling of sensitive data within building and management portals.

6. Perform regular data backups

In addition to routine, secure backups, it is essential to regularly perform test restores to verify the validity and integrity of backup data. This process ensures that, if recovery is needed, critical information can be quickly and reliably restored without unexpected issues.

Routine, secure backups are vital to maintain business continuity in the event of a ransomware attack or critical failure. Ensure backups are encrypted and stored securely off-site or in the cloud.

7. Validate your cyber insurance coverage

It is essential for property management companies to ensure that cyber insurance policies remain valid and offer full protection in the event of an incident. Many insurers specify that certain baseline cyber security measures, such as maintaining up-to-date antivirus software, implementing strong access controls, and performing regular system updates, must be in place for policies to pay out.

Failing to meet these requirements can result in exclusions or the denial of claims. To avoid this risk, routinely review your policy terms, ensure compliance with all security obligations, and document your efforts to maintain these standards across your properties.

8. Work with trusted MSPs

Given the increasing complexity of building systems and the scale of modern property portfolios, partnering with a specialist Managed Service Provider (MSP) like ITVET can significantly strengthen cyber security. MSPs can help deploy, monitor, and update security solutions across all assets, giving property managers more time to focus on strategic priorities.

The role of MSPs in property management cyber security

Selecting the right MSP

Choosing the right Managed Service Provider is crucial for effective cyber security. Look for an MSP that holds reputable certifications, such as ISO accreditations, and demonstrates a detailed understanding of the property management sector. Proven industry expertise, a strong track record, and comprehensive professional services are key indicators of quality.

Depth of support, including round-the-clock availability and robust incident response, ensures your assets are protected at all times. Prioritising an MSP with 24/7 coverage and tailored solutions will give you confidence that your properties are safeguarded against evolving cyber threats.

Expertise and proactive defence

MSPs have the in-depth knowledge to design, install, and manage bespoke cyber security frameworks tailored to property management. Their services include monitoring for real-time threats, rapid incident response, and ensuring all devices and networks remain secure and compliant.

Comprehensive solutions

From network firewalls and intrusion detection to system segmentation and endpoint protection, MSPs deliver end-to-end solutions that reduce exposure and bolster asset protection across multiple sites. Importantly, 24/7 monitoring services ensure your assets are safeguarded at all hours. Even when buildings are closed, cyber threats do not take a break.

Scalable security frameworks

As your managed property portfolio evolves, MSPs can adapt your security posture, integrating new properties, systems, and technologies without compromising safety.

Cost-effectiveness

Investing in expert cyber security support reduces the long-term costs associated with data breaches, operational downtime, and compliance penalties.

Lessons from recent high-profile cyberattacks

High-profile cyber incidents in the UK, including those impacting household names like Marks & Spencer and the Co-Op, demonstrate just how vulnerable businesses of all sizes and sectors can be. While these attacks often target retailers, property management companies face similar risks due to the complex, interconnected systems that underpin modern buildings and commercial sites.

Breaches have led to significant financial losses, operational downtime, regulatory penalties, reputational damage, and in some cases, legal action. These headline incidents serve as a stark reminder: no organisation is immune to cyber threats, and proactive investment in robust cyber security measures is essential to protect assets, tenants, and stakeholder trust.

Looking ahead

Cyber security will only become more important as managed properties grow more connected and technologically advanced. Property management companies who invest in protection today will safeguard their business, their clients, and their reputation for the future.

Your next steps

• Schedule a cyber security risk assessment for your buildings or portfolio.
• Review and update access control and training policies for all site and management teams.
• Engage an experienced MSP to future-proof your cyber security strategies and protect every stakeholder.

By taking these proactive steps, you can ensure your managed properties continue to deliver safety, value, and confidence in an increasingly digital real estate sector.

Disclaimer: This article is intended as an outline guide and does not represent a definitive cyber security policy. Readers should consult with cyber security professionals and refer to their own organisational requirements before implementing any recommendations.