There are a variety of different IT systems and services installed at every shopping centre, including the Car Park, CCTV, BMS and Footfall, to name but a few. It would be easy to think that the respective providers of these systems would manage and maintain the networks they are installed on to make sure they are secure from hackers and other online threats, however unfortunately this is often not the case as many third-party providers will only accept liability for their own equipment and not the data network they are installed on, or the Internet connection which is used to remotely access them. This leaves a huge black hole in the IT security at each centre and could potentially lead to catastrophic failures and expensive outages if the systems go down. We have already seen several shopping centre’s car park systems unable to take payment for several days, costing the landlord thousands of pounds in lost income. Aside from this, there is the data security aspect, for which the potential fines for non-compliance are huge.
It is worth pointing out that many of these third-party systems such as the Car Park or BMS may have been installed several years ago, with the data cabling and infrastructure being even older. We have seen some cable installations dating back as far as 20 years! In many cases, they have not been maintained or checked for quality or security and are simply left untouched from the day of installation. Unlike electrical installations, which require certificated installers and regular maintenance, data networks are not afforded the same regulatory checks.
Hackers and online scammers are becoming more and more sophisticated and we are seeing an increase in third party systems being hacked into as these criminals broaden their target area. One of the highest profile cases was the hacking of the display screens in Cardiff Town Centre, where inappropriate political messages were displayed on them. Sadly, this was not an isolated incident, as there are far more hacks like this that happen but do not get publicised.
So, what can be done to firstly protect your centre’s IT systems but also make sure they are compliant? In the first instance, we advise contacting the third-party provider and check if the system is installed on a data network, and if it is, whether they support and maintain it. If the answer is no, then the next step would be to contact your IT support provider and ask them to carry out an audit of the various third party systems. They will most likely need to liaise directly with the system provider, so that they have all of the information they require to access the system.
ITVET have been providing Managed IT and Communication Services to the shopping centre industry for over 10 years. If you would like us to carry out an in-depth IT audit of your centre, please contact our network security team on 01279 464470.