Cybersecurity for Property Management

Property managers collect sensitive information from individuals and companies. Broadband and network connectivity for equipment maintenance makes their networks vulnerable to attack for an array of malicious end uses. Half of all companies that suffer a data breach have fewer than 1000 employees (Scheid, 2013) [1]. In 39% of organizations that suffered a data breach, the breach resulted from a lost or stolen mobile device (Scheid, 2013) [2]. A firewall and antivirus cannot adequately protect and defend a network. ITIL [Foundation] v3 principles and procedures for information security management can help to strategize a plan to meet the needs of your network.


Strategize. The results of strategy will define the policies, procedures and funds necessary to create the defense program. A committee of C-level management and select stakeholders (supported by expert advisors) should be assembled to bring different perspectives to program creation; this committee will approve and support the content of the strategy to be designed. Before any money is spent, it's essential to identify:

[Image: ITIL CSM, property management]

Design. Design is essential to match defense needs with resources and operational culture; a spiral design effort produces prototypes with minor tuning. The endorsed strategy is the content used to design a defense program. The matrix below outlines why planning and design avoid costly fill-ins to plans later.

[Image: ITIL CSM design matrix, property management]

A phased rollout plan works best to control the scale and pace of changes to your network and business operations.  A risk assessment will identify vulnerabilities posing a risk to the network, staff and organization.  (A risk management plan will be rolled out in the transition process.)


Transition. Before the rollout plan commences, change management is necessary to ensure designs work as expected. Transition is composed of an array of pieces, some of which will be implemented together in a single phase, some in consecutive phases. A lab for testing, air-gapped from the production network, should be created to test and validate that plans are fit for purpose and fit for use; a public cloud or virtualized machines can serve as a percentage of the lab. Tabletop tests, simulations and live drills within the lab should be used to test and validate each aspect of the implementation plan. Rollout plans that pass tests and are approved by the change control board are implemented in small pilot groups (representing a percentage of the production environment) to test each approved phase of the rollout plan. Control of implementation is a best practice to ensure all parts of the rollout plan fit in place and operate as expected. A phased rollout plan over time is implemented to minimize staff disruption and inconvenience from change efforts. Metrics are collected for future review.

Operations. All participants in the defense program perform their roles per job description, follow policies, prepare reports and process events per procedure. Metrics are collected for review in CSI. An audit trail should exist to enable scheduled audits of operations that identify gaps in performance and non-compliance with policies.

Continual Service Improvement (CSI). All metrics collected from the Implement and Operations processes are formatted and reviewed through a spiral or linear process. CSI exists to identify how the implemented plans achieved their goals through operations, the problems that occurred from efforts to meet those goals, the lessons learned, and the corrective actions to implement in order to tune the delivery process to achieve goals.

Thank you for giving this topic your time, attention and consideration; I trust there are takeaways for you to use. If you’re interested in implementing a cybersecurity program for your property management business, please click Request a Consultation at the base of this page, fill out “CSM Property Management” in the subject line, and include the email signature of your Property Management director or IT director in the message body; I reply within 24 hours to arrange an exploratory conference call.

  1. Scheid, K. (2013). Cyber Security & Property Management, 08/25/2013, Prezi, Inc. https://prezi.com/j1medbpsw-ne/cyber-security-property-management/
  2. Scheid, K. (2013). Cyber Security & Property Management, 08/25/2013, Prezi, Inc. https://prezi.com/j1medbpsw-ne/cyber-security-property-management/
