BPM Real Estate Insights: Spring 2018 Volume 01 | Page 14

14 BPM Real Estate Insights Defending against these varied attacks starts with knowing where your sensitive data resides and what systems can access that data. Then, a risk assessment can provide guidance in regards to which security and privacy controls are appropriate for your organization. Rigorous deployment of applicable controls requires detailed documentation and close attention to hardening vendor-default credentials that are vulnerable. Finally, comprehensive controls testing and audits validate their effectiveness and provide guidance on priorities for reinforcing protections. n David Trepp, partner in BPM’s Information Security Assessment Services practice, has led over 1,100 information security penetration test engagements for satisfied customers across all major industries throughout the United States and abroad. Contact David at [email protected] or 541-687-5222. Figure 2. Typical panic bars are one of many door lock types that are vulnerable to simple, non-destructive attacks. Figure 1. S  urveillance systems often have default credentials and/or are susceptible to brute force attacks. Figure 3. A parking garage RFID badge reader has been weaponized for badge theft and replication. Figure 4. R  emote injection devices can insert keystrokes into wireless keyboard/mouse ports from over 100 feet away.