buildings are, so that you can adjust a building’s temperature
remotely, and so on. Well, some kid in Russia could hack in and
do it for you. If you patch one hole, they’ll find another; it’s a
cat-and-mouse game and you won’t be on the comfortable side
of it for long.
“Sometimes, it’s not even your building that’s the issue. Of-
ten, the breach comes through a vendor, like the people who
handle your HVAC, your elevators or your janitorial service.
If hackers can infiltrate those vendors, they can get to a lot of
buildings—like 12 buildings in a neighborhood—and control
them. Don’t just think it’s just the individual property you have
to concern yourself with. It’s the mid-size and smaller contrac-
tors that are likely to be less sophisticated, and thus more vul-
nerable. You need to have a cybersecurity specialist come in and
analyze your building’s systems.”
E. Robert Miller, CPM, of E. Robert Miller & Associates
(Burlingame, Calif.) works primarily as an expert witness in
property management issues for all types of commercial and
residential real estate. He says that while cybersecurity is defi-
nitely an issue for property managers to watch, he gives high
marks to the property management business in general for stay-
ing on top of cybersecurity issues and avoiding severe breaches.
“I can’t remember the last time I had to testify against a
CPM or an AMO, on any issue,” he says. “It happens maybe
three times out of 1,000 cases. I’m sure it happens, but I’ve
never been involved in a case where someone broke into a
Paul Kastes, CPM, an independent property manager based
in St. Petersburg, Fla. and northern Georgia, who also special-
izes in expert consultation and testimony, says he stays on top
of security issues that concern income-producing properties:
apartments, offices, shopping centers, strip centers and ware-
houses. He notes that part of handling security issues—whether
or not they concern cyberspace—involves informing your ten-
ants, both commercial and residential. He urges property man-
agers to offer information on cybersecurity to their tenants. He
also reminds managers to stay friendly with their local sheriff
and police department, and to be particularly mindful of ten-
ants who live on the ground floor and at the rear of a building,
since they may be the most at risk of a physical security breach.
“If you’re not well networked with law enforcement, in some
areas you might not get the help you need as fast as you need
it,” he warns. “Fair housing laws prevent you from steering
your more vulnerable tenants away from ground floor units. Informed tenants, who receive current and relevant information
from management, are less likely to be the victim of a computer
hack or a physical attack.”
Strong passwords might consist of a secret but memorable phrase that incorporates as many letters, numbers and
symbols as each website or app allows. Mix upper- and
lower-case letters and numerals. Don’t re-use passwords,
and change them at least every few months. Encrypt all
digital data, and only share sensitive information by encrypted email.
Never click on a link or open a file in an email from a sender you don’t know. In particular, don’t open files ending in
.exe, .bat, or .pif unless you’re expecting them. If it comes
from an address that you know and trust, still, do not open
it unless the sender has warned you that it’s coming and
what it consists of.
Be suspicious of messages in overly formal, incorrect or
stilted English, especially if the email begins with a religious
reference or a threat to suspend your account. If the email
includes an offer that sounds too good to be true, it is.
Beware of cloud computing apps. They, too, can be vulnerable to cyberattacks. If you use one, make sure that you’re
immune to liability if the vendor is hacked.
Joseph Dobrian is a contributing writer for JPM®. If you have
questions regarding this article or you are an IREM Member interested
in writing for JPM®, please email