If you were to talk to a commercial real estate (CRE) professional a year and a half ago, they probably would have raised an eyebrow at the thought of cybersecurity risks in the office.
For a long time, that response was warranted. Very few BC/DR plans accounted for a global pandemic. In addition, Deloitte reports that though the retail, travel and hospitality, and financial services industries have been plagued with cyberattack incidents, historically CRE has not. This can be attributed to a single factor: “CRE firms typically maintain relatively less consumer personally identifiable information (PII) and valuable intellectual property (IP) directly on their own technology systems.”
That has all changed since the COVID-19 pandemic. Proptech solutions — like touchless technologies and tenant communication apps — have taken CRE by storm to address emerging health and safety concerns. These digital tools can accomplish quite a few things for office owners and property teams: 1) They modernize the workplace by matching consumer habits and providing for tenant needs, 2) They establish a competitive edge in a challenging market, and 3) They provide meaningful information on what is going on in office buildings, allowing teams to enhance their buildings on an ongoing basis.
Naturally, the more you want to learn about a building, the more technology activations you’ll need. This means CRE teams are now collecting data across a building’s many systems (such as access control and visitor management), the cloud, and other aspects of its infrastructure. And yes, this even means that some teams are leveraging tenant behavioral data to help them understand how people are interacting with an office’s resources and amenities.
Once CRE teams enter this territory, there is no turning back. Any type of data collection — in compliance with state, federal, and international laws — requires a stringent approach to ensure that the data is secure when in-use, at-rest, and in-transit. Thus, as technology becomes more integrated in the workplace, there is an urgent need to mitigate the risks that come with collecting, managing, and analyzing these new data sources. In today’s world, the wellbeing and safety of your tenants extends beyond your building’s physical offerings and services; it now comes hand-in-hand with safe data practices.
Why the CRE Industry Needs Data
The benefits of data and analytics for CRE are endless.
Office owners and property teams can use meaningful insights to create value in a short amount of time. For instance, they can efficiently optimize their building performance by combining data on occupancy, building temperature, lighting, and other core systems. They can also use data to improve leasing rates, inform office investments, and increase customer satisfaction. With the right technology platform, property teams can connect their tenants directly to the spaces and amenities within their office. This will, in turn, start to reveal engagement trends about what tenants love (and what they don’t love) about the workplace. Based on real-time feedback, landlords can develop tailored strategies to keep tenants engaged with their property.
Despite all of the benefits that technology and data can provide, more than 50% of CRE leaders admit that the pandemic has “uncovered shortcomings in their company's digital capabilities and affected their plans to transform,” citing cybersecurity and data management as leading concerns for digital workflows and transformation.
And even the smallest shortcomings can lead to big problems.
We’ve seen it across other industries already, where large companies have found themselves in muddied waters for not properly protecting customer data. In 2013, creative software company Adobe fell victim to a hacker attack that resulted in over 3 million stolen customer credit card records, 38 million stolen IDs and encrypted passwords, and the exposure of millions of PII for active users. Two years later, Adobe reached a settlement and paid $1.1 million in legal fees — alongside an additional amount to its impacted users — for violating the Customer Records Act and having careless business practices.
Scenarios like Adobe’s make it all the more surprising that a shocking 48% of employees report their companies do not offer or make it clear that they provide any sort of data training. After all, even the most diligent companies are vulnerable to social engineering, insider threats, and the inadvertent employee misuse of data.
Best Practices for the Office
Data privacy and security compliance are crucial in protecting your business and customers, but they’re also the law.
Customers have the right to privacy, no matter where they are or how their data is being collected. Individual laws and regulations differ by country and state, forming a large safety net that addresses data collection, storage, and sharing needs across every industry. The U.S. alone houses hundreds of laws to address these needs, overseen by 25 state attorney generals dedicated to this cause.
Industry standards and certifications that require ongoing maintenance — such as ISO, SOC 2, GDPR, and CCPA — make it easier than ever to identify technology providers and partners who handle data securely. Those who provide the highest level of service to the global CRE market will have these qualifications already in place, as well as follow best practices to ensure that no data is at-risk.
In addition to maintaining certifications, technology providers can also take the following steps to protect customer data:
- Avoid collecting PII; instead, utilize aggregated and anonymized data that gives property teams the high-level trends they need to make fast decisions about their building.
- Always ask for consent in data collection practices.
- Understand the data lifecycle and conduct regular access reviews to make sure all accounts are secure.
- Assure that all integrations have the same level of quality and comfort throughout all workplace experiences.
- Offer teams of dedicated experts who can consult across the implementation and procurement processes, as well as help navigate evolving compliance frameworks around data collection practices.
At the end of the day, technology moves fast and digital workplaces are already upon us. It’s easy to overlook the details when the benefits of these modern meccas are in such high abundance. One thing remains certain: the more we use data to differentiate our buildings and strengthen our tenant relationships, the more we will need to honor those relationships through data protection. Companies like Apple are quickly creating the future of data privacy and security for the world — now it’s time for CRE to follow suit.
About the author:
