Never Cross the Streams, It Would Be Bad
Just as with proton streams when battling apparitions, banshees, phantoms or poltergeists, you don’t ever want to cross your store’s wifi with your public wifi.
What’s the issue? We have a perfectly good Internet connection that we use for our business computers, cash registers and automation systems. Why not open it up to the public so that we can attract more business to our store? Really, you’re just trying to enrich the cable companies by making us buy another Internet connection for our customers. And the national outfit that wants the contract to install public wifi at our mall says that they can firewall the public wifi from our business cash registers without a problem. Cross their collective hearts and hope to die, they do this all the time and they never have a problem.
The first issue is that the sales lady from that national outfit would probably throw her own mother under the bus to get you to sign the contract. The second issue is that firewalls are software with vulnerabilities that can be hacked – firewalls are better than nothing, but they are not something that Stirling uses to protect our corporate network from a public wifi on a shared Internet connection.
By crossing your business Internet with public wifi, the only thing you’re really accomplishing is providing a road map for someone to sit in the parking lot and hack your business. In this bold new world of interconnectivity that we live in, it’s simply safer and easier to calculate the cost of a dedicated Internet connection for your public wifi upfront before providing public wifi in your business, store or mall.
End of Life (EOL), Have you made your plans?
Thanks to the overwhelming media hype last year, we all know by now that Windows XP reached End of Life and went out of support with Microsoft on April 8, 2014, but did you know that Microsoft Windows 2003 is going End of Life on July 14th of this year?
Do you have a file server in your office that is still running on Windows 2003? Are any of your key control systems, HVAC or other automation systems running on Windows 2000 or 2003? It seems like every time Stirling starts managing a new property, we run into a slew of Windows XP computers and/or an old Windows 2003 Server or two.
What’s the big deal? Why should we care if software goes End of Life? We all see the sensationalized hacks publicized in the media, which are sometimes just hype. What the media misses is the whole industry that’s grown up around exploiting your operating systems and software. It’s the old game of cat and mouse or whack-a-mole, but updated for our digital world. Criminals find holes that they can exploit and then companies like Microsoft release a patch to fix the hole. If you stay up-to-date with the patches, you’re in ok shape. The problem comes when a product goes End of Life: the criminals are still finding and exploiting the security holes, but Microsoft is no longer issuing patches to fix them. If you’re running an Operating System or software that’s no longer supported, you’re throwing a big neon sign out to the world that says please exploit my systems.
Running an old version of Internet Explorer, Microsoft Office or some other productivity software that’s no longer supported? Same problem, probably need to look into upgrading.
Is your automation system running an old version of Windows? Might want to check with your vendor to find out what needs to be done to get you up-to-date. Looking at installing a new Automation System? If the dollars add up, ask about systems that run on proprietary hardware and software, instead of Windows. Windows is a great general purpose operating system, but part of what makes it so versatile also makes it a huge risk for security exploits.
We no longer live in a world where we can put systems out and forget about them. We need to stay up-to-date on the patches, know the End of Life dates and keep our automation systems under contract so we can keep them up-to-date.
First Steps for Property Services and Information Technology
We’ve received a lot of feedback from an earlier Stirling post (Property Management, Information Technology and the New Paradigm) about the amount of work required to update Information Technology Infrastructure for today’s world. A few people keyed in on the amount of work required when their Information Technology Projects had taken a back seat to other priorities in the last five years, ten years or forever.
Some had asked for a cheat sheet on what they should do first or what questions they should be asking their property services company about their Information Technology Systems. This list is far from comprehensive, merely first steps, but if Stirling had just taken over a new property or if I were starting from scratch, this would be my initial list of things to check. You can also hit your Property Services company up to find out what they are doing in regards to Information Technology:
- Do I have a next generation firewall at my offices?
- Are my automation systems (i.e. postage machines, HVAC systems, video directories, card access systems) firewalled and segmented away from my office computers?
- Do all my computers have anti-virus protection? It’s not very effective anymore, but it’s still a first step.
- If my computers haven’t been running anti-virus, who will format the hard drive and reset it back to the factory default image, then add anti-virus protection and load all my documents back?
- Do we have, at the very least, basic spam filtering to try and eliminate the ZeroHour emails, and do we have Sender Policy Framework (SPF) set up?
- And finally, this really isn’t about security, but to offer up some lagniappe for the New Year, check into finally getting rid of your old analog telephone system to see what features you would gain and how much you would save with a Voice over IP (VoIP) System. Check into either a legitimate cloud provider or see if your property services company can add you to their system. Adding your property to their system should be simple.
Obviously this is a very basic list, but whether your property is managed by Stirling or not, feel free to shoot me an email if you have questions and I’ll try to point you in the right direction. When it comes to Internet Security, we’re all in this together.
Property Management, Information Technology and the New Paradigm
It used to be that technology was an afterthought, if it was a thought at all, when it came to property management. No one thought twice about file servers, telephone systems, sharing the office Wi-Fi with the public or having each management office be a self-contained island unto itself. We’re long past the days when we could put a desktop at a managed property office and simply forget that the computer was there until the computer died or a user complained. While the most important element of property management is still the right property manager, with the advent of Internet-connected building automation, Voice Over IP (VOIP), cloud offerings, server virtualization, software as a service (SaaS), desktop as a service (DaaS) and the well-publicized complete lack of security on the Internet, it’s time to pay attention to how property management offices are utilizing technology, how the offices are secured and how we are maintaining the infrastructure.
Here at Stirling we’ve taken over a lot of management contracts in the last few years and the thing that strikes us from the IT perspective is how little attention has been paid to the automation and the office systems. Even from the large, national property service companies, we’ve seen file servers and desktop systems at managed properties that are so far past end-of-life that the manufacturers are no longer providing security updates. We’ve seen automation systems directly connected to the Internet with no firewall and still running default system credentials, leaving not only that system, but the entire office vulnerable to attack. Putting Accounting or Point of Sale Systems on the same network as the HVAC or Automation Systems without network segmentation or firewalls is simply asking for trouble.
While other industries have been quick to embrace technology, it sometimes seems that Commercial Real Estate as an Industry has gotten a half-step or two behind where we need to be in maintaining our technology. Overhauling systems doesn’t necessarily have to be a large expense. In a lot of cases, the savings from removing the maintenance costs associated with outdated systems will go a long way towards modernizing and securing your infrastructure. Just as everyone knows and can do the calculation on commercial real estate’s return on investment, there’s also a return or a savings with Information Technology deployed and maintained correctly.
- Still have an outdated DSL connection to the Internet? Fiber has proliferated in the last couple of years. Look at dedicated bandwidth with a Next Generation Firewall.
- Sharing your Internet with the public? Stop! Or at the very least, make sure your management office network is segmented to protect your critical systems.
- Same with automation. If your HVAC, access card or automation systems are connected to the Internet, change the default credentials and segment away from your office computers.
- Are your servers on the same network as your Wi-Fi? Segment and firewall the network so if your Wi-Fi gets hacked, they don’t have a clear path to the rest of your equipment.
- Still running Windows Server 2000 or 2003? Server 2000 was retired on July 13, 2010 and Server 2003 is ending on July 14, 2015, which means no security patches and a huge vulnerability for you. It’s time to ditch the server and connect to your back office virtually.
- Still have a Windows XP computer or a POS with embedded Windows XP? XP’s end of life was April 8, 2014, leaving your systems vulnerable. It’s time to upgrade your systems or virtualize your desktops.
- Still have an analog telephone system with roll over lines? With dedicated bandwidth and quality of service, you can take advantage of Voice Over IP – sometimes at a substantial savings to what you’re paying for your system now.
- Do you have a separate banking computer that you use only for banking? Absolutely no general Internet surfing? Might want to consider dedicating a computer to banking.
- Are you set up with Positive Pay with your bank? This is an important first step.
- Still using an old POP service for email? It’s time to switch to an Exchange-style email system. Set up with your management company or contract online for hosted Exchange or Zimbra email.
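An added example (not code from Stirling or the original post): a small Python audit that runs the segmentation, default-credential and end-of-life checks from the list above over a device inventory, using the end-of-life dates quoted on this page. The host names, segment names, role labels and the `default_creds` field are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# End-of-support dates exactly as given on this page.
EOL = {
    "Windows Server 2000": date(2010, 7, 13),
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
}
# Role labels are assumptions for this example.
BUSINESS_ROLES = {"office", "pos", "server", "banking"}

def audit(inventory, as_of, warn_days=180):
    """Return sorted (host, finding) pairs for the checklist items above."""
    findings = set()
    roles_by_segment = defaultdict(set)
    for dev in inventory:
        roles_by_segment[dev["segment"]].add(dev["role"])
        eol = EOL.get(dev["os"])
        if eol and as_of >= eol:
            findings.add((dev["host"], "os-past-end-of-life"))
        elif eol and as_of + timedelta(days=warn_days) >= eol:
            findings.add((dev["host"], "os-end-of-life-soon"))
        if dev["role"] == "automation" and dev.get("default_creds"):
            findings.add((dev["host"], "default-credentials"))
    # Second pass: flag business systems that share a segment with
    # public Wi-Fi or with building automation.
    for dev in inventory:
        roles = roles_by_segment[dev["segment"]]
        if dev["role"] in BUSINESS_ROLES:
            if "public_wifi" in roles:
                findings.add((dev["host"], "shares-segment-with-public-wifi"))
            if "automation" in roles:
                findings.add((dev["host"], "shares-segment-with-automation"))
    return sorted(findings)

# Constructed sample inventory (hypothetical hosts and segment names).
SAMPLE = [
    {"host": "fileserver", "os": "Windows Server 2003", "role": "server", "segment": "office-lan"},
    {"host": "register-1", "os": "Windows XP", "role": "pos", "segment": "office-lan"},
    {"host": "hvac-ctl", "os": "Windows Server 2000", "role": "automation",
     "segment": "office-lan", "default_creds": True},
    {"host": "guest-ap", "os": "vendor firmware", "role": "public_wifi", "segment": "guest"},
    {"host": "bank-pc", "os": "Windows 8.1", "role": "banking", "segment": "banking"},
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE, as_of=date(2015, 3, 1)):
        print(f"{host}: {finding}")
```

The `as_of` date is passed in so the same inventory can be re-checked later; after July 14, 2015 the file server moves from "soon" to "past end of life".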
Contracting with a property services firm that has a dedicated technology staff makes your life easier and allows you to take advantage of the economies of scale inherent in that relationship, but if you have the time and the wherewithal to work through the vulnerabilities, you can go a long way to securing your systems and leveraging technology for the value it will bring to your property.