You stride through a bustling conference hall, alive with excited chats and enthusiastic handshakes. In your pocket, a stack of freshly printed business cards. In your head, a well-rehearsed elevator pitch. You’re confident and poised, ready to network.
As you cruise, you notice only small groups engaged in salesy banter. You spot someone in a corner alone. Dang it, they’re on their phone. Then someone walks by you…maybe…nope, they’re headed to the bathroom. Soon a quiet panic sets in. You find no openings. You feel isolated, alone within the crowd. The clusters of exhibitors, speakers and attendees appear as guarded fortresses, impervious to any networking siege. The walls grow higher. That quiet panic is now a raucous party of self-doubt and insecurity. You bolt to a shadowy corner of the room. Finding a safe harbor, you whip out your phone and pretend to scroll.
Anyone who’s ever attended an expo or tradeshow is familiar with this situation. It’s a universal experience, and one that betrays a paradox: humans are built for social interaction but find it incredibly hard to meet new people. However, introductions aren’t an irrational phobia. Meeting new people is full of unknowns. As children, we’re taught “Don’t talk to strangers”, only to grow up and realize it’s essential to doing business, making friends, and finding mates.
Introductions require an excuse to command someone’s attention. Icebreakers are simply excuses we’ve deemed “acceptable” for presuming someone wants to talk to us. We all know when someone crosses a line, and it’s this fear of transgression that, in large part, fuels our own anxiety towards meeting new people. We don’t want to be the person who interrupts, shares too much or comes off as “creepy”. But with preparation and practice, you can learn how to construct and deploy effective convo starters to supercharge your next networking event. Here are 5 icebreaker tips to increase your networking success at your next tradeshow.
1. Choose Universal Topics
Effective icebreakers reflect common experiences. That’s why many people use sports or the weather to form a fast connection. But convo starters don’t have to reflect the human experience. In fact, they can be too broad. Something like “How ‘bout this weather?” would probably seem too general for a group gathered specifically to do business (unless that business is meteorology).
Instead, make your topics universally specific to the situation. With respect to an expo or tradeshow, a more specific “universal” topic would be something that many (but only) show attendees experienced. (“Did you enjoy the awards dinner last night?”). Other examples include:
“Who do you work for?”
“What industry are you in?”
“Can you recommend any good sessions to attend?”
“What’s your favorite part of the show so far?”
“Have you been to the Expo before?”
“Did you see X Company’s demonstration?”
Memorize four to six of these icebreakers and have them ready to go. You’ll discover more as the show goes on and be able to fine tune them to the situation.
Pro Tip: Eat lunch in the commons area of the tradeshow venue. Many will congregate here, and lunch is a perfect opportunity to socialize.
2. Keep Questions Person-Centered and Open-Ended
People enjoy talking about themselves, so your icebreakers should focus on the person or group. The example open questions above are person-centric, while not overstepping the line of being “too personal”. If you tell a story or anecdote, it should serve the purposes of the group and add value to the group’s discussion, not show how smart you are.
In general, you’ll get further with questions that elicit personal opinions (“What’s your favorite part of the show so far?”) rather than simple facts (“Who do you work for?”). That’s because opinions leave more room for commentary.
In general, design your questions to be open-ended. For example: “Who do you work for?” will get you less information than “Is your company exhibiting at the Show this year?” Even subtle changes in how you phrase the same question can have big impacts. Consider these two questions:
“Is this your first time at the Expo?”
“Have you been to the Expo before?”
While both are asking the same basic question, you will likely get two different answers. While # 1 may get you a simple “yes” or “no” response, the answer to # 2 will usually be longer and more in-depth. That’s because the addition of the phrase “before” references a past event. The reference unconsciously prompts the listener to be more descriptive or to tell a story of past events. The longer you can keep the convo started, the better your chances at making a deeper connection.
3. Learn to Infiltrate Small Groups
It’s difficult joining small groups where people are already engaged in conversations. Many of us feel injecting ourselves into the group is too intrusive or creepy. Much of this exclusionary vibe comes from the fact that people in groups tend to stand in a circular formation. The shape itself creates a boundary that seems to warn, “Do not enter.” However, the standard circular formation is a practical construction that ensures everyone inside can make eye contact. So, ironically, the circle is actually an attempt at inclusion. We do well to remember this fact, whether we are on the inside or outside.
Here are a few hacks for breaking into a group circle:
Start a convo with a group member, preferably one who seems bored. Then slowly work your way into the circle, or start a new one.
Look for a group with an odd number of people. It ensures there’s at least one person available for a chat.
Get in early. Locate a group that’s just starting to form.
At an after-party event, wait for a drink server to come by for deliveries or to pick up empties. This usually breaks the circle momentarily. Use the opportunity to gain closer proximity.
Listen and wait until you can add something valuable and relevant. Make sure it’s substantial, but not too domineering. Short comments are easily acknowledged then ignored.
Smile and appear generally upbeat and approachable yourself.
Address the group. Deploy an interesting anecdote, ask an open-ended question, or relate a personal story. Anything interesting, educational or relevant will be well received.
Keep in mind, some groups are simply more “open” and sociable. The more familiar the members are with one another, the more they tend to keep things tight. To identify closed groups, look for body language signals. Friends or colleagues will tend to stand closer to one another, forming a tighter circle. These can be difficult to break. Other groups may be in a serious conversation and aren’t interested in being “social”. Look for signals like serious looks, crossed arms, or direct face-to-face discussions. Such closed groups should be obvious. Approach with caution.
4. Flattery is Your Friend
Flattery gets you everywhere when it comes to meeting people. Everyone is instantly receptive to praise, so flattery is an easy win for icebreakers. Most folks who are “famous” in your industry come to conferences expecting a bit of approbation—so, give it to them! You’re likely not annoying them, especially if they’re alone. In these cases, it’s acceptable to begin with a comment about yourself (“I enjoy reading your blog articles on smart building tech.”) In this case, you’re leading with an “I” statement, which may seem to shift the focus off the other person, but the compliment is actually putting all the attention on them.
5. Introduce Yourself Online Before the Tradeshow
There are plenty of to-dos on the pre-show checklist, from identifying your target audience to following groups on social media. But make sure preliminary online introductions are one task you check off. Connect with people on LinkedIn, Facebook and Instagram. Like their pages and follow their accounts. It’s easier to “meet” someone in person if they’ve already “accepted” you with a connect request. So, use that digital handshake to your advantage.
Also, use your online accounts to announce you’ll be attending. Ask if anyone else is planning on going. Post to your trade groups and connections list. Follow up with offers to meet for coffee or lunch. You’ll likely make new connections. Announcing your plans to attend is an effective way to show your enthusiasm and openness to networking, and it will make real-life introductions much easier.
Conclusion
Like any skill, conference networking takes practice. There’s no substitute for hard work. Experience will hone your skills at picking up on body language signals, tone of voice, and group dynamics. You’ll fine tune your anecdotes, perfect your presentation. With these skills, you can identify better networking prospects and command the room.
In this article in our BACnet Basics Series, we look at Device Profiles, why they’re important and how they’re created. We’ve also included a real world example that illustrates how to use device profiles to accurately specify your own projects.
What are Device Profiles?
As we saw in BACnet Basics: What are BIBBs?, device functions come in five basic categories, each containing specific capabilities. For example, the category Data Sharing (DS) includes capabilities like Read Properties (RP), Write Properties (WP) or Change of Value (COV). If we combined all these services into a minimum collection of capabilities, we would be creating a device profile.
As an analogy, think of the profile “Automobile”. Every machine that claims to be an “automobile” needs the functions of Acceleration (A), Deceleration (D) and Maneuverability (M). Of course, there can be automobiles that do much more, but every “automobile” must, at minimum, perform these three functions (A,D,M).
Definition: BACnet device profiles define the minimum set of BACnet Interoperability Building Blocks (BIBBs) supported by a device claiming that profile. When a device claims a specific profile, you know that it contains a preset of specified functions and services. Profiles are handy because they provide a short-hand method for describing a device and its interoperability capabilities. Device profiles are organized into Groups and Families.
Device Groups
Device Groups are general categories of device functions. There are four Group types:
Operator Interface—Covers the minimum capabilities for workstations and other user interface devices. Devices normally support A-side (Client) functionality.
Controller Device—Covers anything from programmable building controllers to smart sensors. Devices normally support B-side (Server) functionality, but more advanced supervisory controllers also include A-side (Client) functionality.
Control Station—Covers lighting control stations that are smaller client devices that support specific user controls such as manual light switches.
Basic Device—Covers all “miscellaneous” family functionality. Usually included alongside other device profiles.
Device Families
Each Profile Group contains various Families within it. Families cover profiles for various, supported building systems like Lighting, Life Safety, and General Purpose. For example, the Controller Device Group contains profiles for the following Family types:
(Example) Controller Family
General Purpose—General purpose controllers usually for HVAC and lighting.
Access Control—Access control controllers such as an access control panel
Lighting—Lighting controllers such as supervisory lighting controller
Life Safety—Life safety controllers such as a fire detection panel.
Elevator—Elevator controllers
Let’s zoom into the General Purpose profile family within the Controller Device Group and see what BIBBs it contains.
Building Controller (B-BC) —Field programmable and configurable supervisory controllers in HVAC and general purpose application.
Advanced Application Controller (B-AAC)—Controllers that run advanced HVAC or general purpose control applications.
Application Specific Controller (B-ASC)—Controllers that run specific HVAC or general purpose control applications.
Smart Sensor (B-SS)—Small sensors that provide sensor values to other devices.
BACnet device profile Families are organized in a container hierarchy. As you move up in complexity, you increase the minimum number of BIBBs required. Like nesting dolls, each profile contains all the minimum BIBBs of the previous ones.
For example, the above General Purpose BACnet profiles increase in complexity as you move up from Smart Sensor to Building Controller. All BIBBs included in a Smart Sensor profile are always included in a Smart Actuator profile, and all the BIBBs included in those two profiles are always included in an Application Specific Controller, and so on.
Although higher level BACnet profiles contain more BIBBs, it’s not the number of BIBBs that matters. Each profile requires a minimum number and type of BIBBs. So, even if a device contains or exceeds the minimum number of BIBBs, it doesn’t guarantee it will meet the standard. It must contain the minimum number of the correct BIBBs to meet the profile standard.
Specifying Device Profiles: Boardroom Example
Let’s use the Device Profile Quick Reference Guide to see an example of how to choose the device profiles for a real-world project. Read the following scenario:
You want to outfit a medium-sized boardroom equipped with a control panel with a built-in controller. The panel will control the room’s temperature and lighting. You also need manual lighting controls near the door.
To determine the device profiles needed for the project, we can start by listing the functionality we need. We will need HVAC controls for temperature. For lighting, we will need controls for both the panel and a manual user control switch on the wall. Therefore, we will need functionality from the Controller Group and Control Station Group.
Next, we can determine what Families we need within each group.
For the Controller Group, we need:
General Purpose Family for HVAC
Lighting Family for panel control lighting
Access Control Family for access
For the Control Station Group, we need:
Lighting Family for manual switch lighting control
Finally, we can choose specific profiles to fulfill our HVAC and lighting functionality.
HVAC Profiles
In the Reference Guide, we see the following profiles for the General Purpose Controller Family:
B-BC: The building controller is intended for field programmable and configurable supervisory controllers in HVAC and general purpose applications.
B-AAC: The advanced application controller is intended for controllers that run advanced HVAC or general purpose control applications. It does not require being configurable through BACnet.
B-ASC: The application specific controller is intended for controllers that run specific HVAC or general purpose control applications. It does not require being configurable through BACnet.
B-SA: The smart actuator is intended for small actuator devices that allow being commanded.
B-SS: The smart sensor is intended for small sensor devices that provide sensor values to other devices.
We can ignore the last two profiles, because we need neither actuators (B-SA) nor sensors (B-SS) for the project. We can also eliminate the Building Controller (B-BC) profile because the project does not require supervisory control. Depending on our HVAC needs, we could choose either the Advanced Application (B-AAC) or the Application Specific (B-ASC) profile.
Lighting Profiles
In the Reference Guide, we see the following profiles for the Lighting Controller Family:
B-LS: The lighting supervisory controller is intended for controllers in lighting applications that can command and operate subordinate lighting controllers, in particular through group write commanding.
B-LD: The lighting device is intended for lighting controllers that control individual lights or groups of lights. Normally used as leaf nodes in lighting group setups.
We would choose the B-LD profile if the panel only controls one group of lights. However, if the lighting is more complex, we might opt for the B-LS with supervisory controls.
Control Station Profiles
Because the room also requires manual user lighting controls, we need a profile from the Control Station Family. In the Reference Guide, we see the following profiles:
B-ALCS: The advanced lighting control station is intended for sophisticated control stations that support user view, control and limited configuration of lighting functionality. Provides full commanding support of lighting objects and group operations for them.
B-LCS: The lighting control station is intended for control stations that support simple control of lighting functionality and limited status indication. Provides limited support of commanding lighting objects.
The simpler B-LCS would work for this project. But, again, depending on the complexity of the room’s lighting, we might choose the more complex profile.
Conclusion
Through the Boardroom Example above, we can see how BACnet profiles make project specifications easier and more accurate. Standards and profiles support an accurate procurement process, requiring fewer change orders and adjustments. Defining capabilities also creates an outcomes-based workflow so that buildings function the way owners and tenants need them to.
Today more job interviews are being held via conference call apps like Zoom and Teams. Those looking to nab their next gig are jumping on a Zoom call to chat with a prospective employer halfway around the world. While a video job interview allows you to widen your pool of potential firms, these digital parleys require preparation if you want to make round two.
For one, non-verbal communication signs are hindered during video interviews. It’s difficult to maintain eye contact. Voice inflections may be distorted through digitalization. Body language is hidden by a narrow field of view. Still, with the right preparation, it’s easy to have a successful video job interview. Here are five must-know tips for newbies.
1. Lighting for a Healthier You
Don’t underestimate your lighting. No, you’re not interviewing for a reality TV show. And, yes, your computer monitor will provide a good supply of light to your face; however, that bluish hue will make you look like Ed Norton in Fight Club. Not the best way to present yourself as “employable”. Instead, fight that blue hue with soft, warm lighting around your face. It makes you look healthier and more attractive. To do this, you want low spectrum lighting—bulbs that produce light around 2,700k-3,000k.
Use a small lamp near your monitor (just out of frame) to illuminate your face. Try turning on a room light with a warmer temperature bulb. If you’re in a nice, quiet area during the day, maybe consider sitting outside in the shade. What you’re looking for is to illuminate your face and keep the skin tones warm and pleasant looking. Small adjustments are what’s called for. There’s no need for a three-point lighting setup. So, don’t overdo it.
2. Give Them a Little Background
It’s easy to understate the importance of a good background in your video frame. The most common blunder people make is sitting in front of a bright window. The exterior light “blows out” the image sensor of your web cam, which can’t handle the bright and dark colors at once. The effect is a distracting large white blob of light surrounding an overly darkened face. Shut the blinds. Draw the curtains. Or find another locale.
Also, avoid backgrounds with overly bright colors. These are also distracting and draw attention away from you. Instead, conscript a background of neutral colors like gray, taupe, beige or cream. Walls and curtains of that hue are easy to come by. If your options are limited, try changing your background through the software. Most video platforms have background removal features, which can blur out your surroundings completely or show you calling from some exotic island locale.
Backgrounds that are too busy should also be swapped out. The description “busy” could refer to either a background with kinetic designs or with literal movement such as people at a restaurant. Both are distracting. Such bustling places with people would be inappropriate given the formality of the meeting anyway.
Pro Tip: Strategically place objects in the background that reinforce your personality or reaffirm the “What’s your hobbies, interests?” question. Enjoy playing field hockey? Prop your hockey stick in the corner of the screen. Maybe you’re a dyed in the wool fan of knitting. A carefully placed shawl on the back of your chair is a convenient prop for reinforcing your love—”I actually knitted this sweater I’m wearing!”
3. Get Ready for Your Closeup
Aside from the technical stuff, a video job interview is equal to an in-person interview with respect to decorum and professionalism. Sit up straight. Make eye contact (more on that below) and speak clearly and confidently. Professionalism also means dressing for success. Obviously, everything above the waist is a priority, since the southern regions will be out of frame (unless there’s a fire!).
Clean, kept hair, tie, coat or blouse are the standard boxes to tick. With respect to shirt/blouse color, take the same approach as with the background—nothing too busy or overly decorated. Go for solid colors and simple design. The focus should be on you. While heavy makeup is often avoided for in-person interviews, you’ll want to apply a bit more than normal for video. Much like the theater, video requires a bit more of a dramatic approach to makeup if you want it to appear “normal”.
Remember, your outfit needs to be appropriate to the position. You may have a good idea of what’s acceptable, but if not, do a little web searching to get the right dress code for your industry. Better yet, check out the company’s website “about” page and see what current employees are wearing.
Lastly, opt for smaller headphones, like ear buds, instead of larger, standard headphones. Smaller, lower profile speakers are usually cooler and more comfortable in stressful situations—plus, they won’t cover up that immaculate, newly coiffed hairdo you got in preparation.
4. Achieve a Solid Setup and Proper Eye Contact
Conference calls give you the freedom to do them anywhere. But wherever you choose to interview, ensure you have a solid equipment setup. Shakes and jitters induce nausea in your interlocutor, so don’t try and hold your device steady. Secure it well or invest in an inexpensive phone or tablet holder. Also, rotate your device to frame yourself in landscape rather than portrait mode. It will look more professional.
You will get better stabilization and overall control with a desktop or laptop setup. But keep webcam height in mind. Eye contact is important in a video job interview, but most desktop webcams sit at the top of the monitor. The higher position makes it impossible to appear as if you’re looking the person directly in the eye. You’re either looking at them or the camera, but not both.
To help the situation, lower your webcam to align it with the person’s image. Perfect alignment will, of course, cause the camera to obscure the person’s face, but you should be able to find a workable balance. Alternatively, purchase a transparent webcam holder, which solves the problem or try to engineer a similar contraption yourself.
One last note on eye contact: if you’re going to have notes for reference, put them on the monitor, either physically attached or in a doc. Looking down or to the side when referencing notes breaks your eye contact. To be sure, video job interviews are structured events, but employers expect you to speak extemporaneously. Don’t ever read verbatim from a prepared note; looking away to do so only makes you seem unprepared and nervous.
5. Practice Self-Sabotage
Regardless of the location, you should always do a run-through before a video job interview. Smart preppers do a run through with a friend or family member so they can anticipate questions and practice articulating their ideas. But proper practice includes more than memorizing your employment history; you should also formulate a plan for when things go wrong. And with video calls, there’s a heap of misfortune to anticipate, from low bandwidth issues to misapplied kitten filters. With that in mind, ready yourself for the unexpected by practicing self-sabotage.
Imagine the audio feed is disrupted. You’ll need some way to quickly communicate. Do you know how to find and use the chat feature? You’ll also need to determine if the issue is on your end or the platform’s. What if you accidentally share your screen, which is populated with “cheat sheets” and personal files? Are you familiar enough with the software interface to shut things down?
Compile a list of these types of emergencies, then pick them at random during your regular practice. Learning to adapt and overcome will help you not only ensure a smooth interview, but it’s also a personal trait that employers value in a prospective team member. Who knows, your quick thinking and action may impress them so much it gets you the position.
Every complex topic or field needs a helpful naming system. Scientists name flora and fauna by genus and species. Even astronomers have their own planetary nomenclature. Standard naming conventions do just that—they standardize how we talk about things. They’re also a convenient way to condense large amounts of information into a short form. Hence, they function like acronyms. We needn’t sound out “self-contained underwater breathing apparatus” when we can simply utter S.C.U.B.A. right?
In building automation, the same need for standards and compression applies, and BACnet gives us a convenient way to describe the functionality of devices using something called BIBBs.
What are BIBBs?
Definition: BIBBs stands for “BACnet Interoperability Building Blocks” and is a standard naming convention for representing specific device capabilities using simple acronyms. That is, it creates simple categories to describe how one device works with another.
Without short-form descriptions, listing all the capabilities and services that a device offers would turn functional descriptions into a messy scrawl of technical jargon. By condensing these functions into acronyms, BIBBs makes it easier for FMs, system integrators, and building engineers to talk about the same things. BIBBs help buyers get the minimum number of services for the job without over-engineering and spending for extraneous functionality.
BIBB Categories
The BIBB naming system starts with five broad categories that list interoperability functions. These are high level functions that host specific capabilities within them. Categories include:
Data Sharing (DS)
The data sharing function describes how devices exchange data. Data sharing is essential for reading and writing data from one device to another. For example, if you wanted to regularly check the water temp of your boiler to monitor its performance, you would need the DS functionality.
Alarm & Event Management (AE)
The alarm and event management functionality is for detecting and notifying alarms and events. For example, if your boiler temps exceeded a specified setpoint, the AE function would allow you to receive an alert.
Scheduling (SCHED)
The scheduling functionality is for scheduling values based on date, time, and calendar. For example, if you wanted to schedule your boiler to provide after-hours heating for tenants.
Trending (T)
The trending functionality is for trend logging and historical data support. For example, if you wanted to store your boiler’s temp data to create a history for your engineer.
Device Management/Network Management (DM/NM)
The DM/NM is for setting up device and network management. It allows devices to discover each other, to synchronize clocks, and to reset a device to factory settings (reinitialize). For example, if you wanted to discover a newly installed boiler temp sensor.
Specific Capabilities
Specific capabilities, or sometimes called services, are distinct functions that exist within a BIBBs category. Capabilities also have acronyms. For example, the Read Property (RP) service is under the data sharing (DS) category. The service must exist for data sharing to occur. That is, a device (e.g., controller) must be able to read data, while another device (e.g., thermostat) must be able to send it. Many devices have both capabilities. Here are some examples of services for different BIBBs categories:
Data Sharing (DS)
Read Property Multiple (RPM)
Write Property (WP)
Change of Value (COV)
Alarm & Event Management (AE)
Notification (N)
Alarm Summary (ASUM)
View Notifications (VN)
Device and Network Management
Dynamic Device Binding (DDB)
Text Message (TM)
Reinitialize Device (RD)
Find a more extensive list of device capabilities here.
Clients and Servers
BIBBs also distinguishes between clients and servers, assigning an A and a B category to each respectively. Client devices (A) can initiate or call for data or service from a device that can respond to that request (B). An example of this would be a controller (A) requesting temp data from a thermostat (B), which responds with the requested data. You can remember this order by recalling that the letter “A” comes before “B” in the alphabet, just as a request must precede a response.
Putting It All Together
Now that we have all three parts of BIBBs, let’s look at a full interoperability description. The BIBBs naming syntax places the category first, specific capability second, and server/client designation third. Each acronym is separated by a dash. Consider a BACnet controller that has data sharing (DS), a read property service (RP), and client capability (A). It would be designated as DS-RP-A. Can you guess what functionality a thermostat would require to send temp data back to the controller? If you answered DS-RP-B, you’re correct!
Conclusion
As we’ve seen, BIBBs are the “building blocks” of the standardized system of naming devices and their interoperability functions. Devices can have many different functions, so there’s also a need to group them. For example, controllers, sensors, and actuators must all have a minimum number of specific functions to work. These groups of functions are called BACnet device profiles. Like BIBBs acronyms, profiles give us a shorthand way of quickly designating and describing a device. Read BACnet Basics: What are Device Profiles? to learn more or visit The BACnet Institute for free training.
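The naming syntax from “Putting It All Together” and the rule from the Device Profiles article (a profile is met only by the correct BIBBs, not by a count of them) can be checked mechanically. The following is an added example, not code from the original articles or from any BACnet library; the minimum sets in PROFILE_DEFS are constructed for illustration and are not the standard's tables, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Category codes as the page lists them.
CATEGORIES = {"DS", "AE", "SCHED", "T", "DM", "NM"}
_BIBB_RE = re.compile(r"^([A-Z]+)-([A-Z]+)-([AB])$")


@dataclass(frozen=True)
class Bibb:
    category: str  # e.g. DS (Data Sharing)
    service: str   # e.g. RP (Read Property)
    role: str      # A = client (initiates), B = server (responds)

    def __str__(self):
        return f"{self.category}-{self.service}-{self.role}"


def parse_bibb(text):
    """Parse a name such as 'DS-RP-A'; reject anything malformed."""
    m = _BIBB_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"not a CATEGORY-SERVICE-A/B name: {text!r}")
    category, service, role = m.groups()
    if category not in CATEGORIES:
        raise ValueError(f"unknown BIBB category in {text!r}")
    return Bibb(category, service, role)


# ILLUSTRATIVE minimum sets, constructed for this example only.
# Each entry is (parent profile, BIBBs added on top of the parent),
# which models the "nesting dolls" hierarchy. Take the real lists
# from the BACnet standard or the vendor's conformance statement.
PROFILE_DEFS = {
    "B-SS": (None, ["DS-RP-B"]),
    "B-SA": ("B-SS", ["DS-WP-B"]),
    "B-ASC": ("B-SA", ["DM-DDB-B"]),
}


def required_bibbs(profile):
    """Resolve the full minimum set, including everything inherited."""
    parent, own = PROFILE_DEFS[profile]
    inherited = required_bibbs(parent) if parent else frozenset()
    return inherited | frozenset(parse_bibb(b) for b in own)


def check_profile(claimed_profile, supported):
    """Compare a device's supported BIBBs against a claimed profile.

    'beyond_minimum' lists services the device offers in addition to
    the profile, which is the part of its network surface the profile
    name alone does not tell you about.
    """
    have = {parse_bibb(b) for b in supported}
    need = required_bibbs(claimed_profile)
    return {
        "conforms": need <= have,
        "missing": sorted(str(b) for b in need - have),
        "beyond_minimum": sorted(str(b) for b in have - need),
    }


if __name__ == "__main__":
    # Constructed device: four BIBBs, more than the three the
    # illustrative B-ASC set needs, but not the right ones.
    device = ["DS-RP-B", "DS-RPM-B", "DS-COV-B", "AE-N-B"]
    print(check_profile("B-ASC", device))
    print(check_profile("B-SS", device))
```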
Properties need effective cybersecurity measures. Cybercriminals don’t just attack high profile companies and governments; they target small to medium businesses too. Computer viruses range from annoying adware infiltrating your browser to costly ransomware attacks. In 2021 the world saw a 105% jump in ransomware attacks. Healthcare alone saw a 755% increase! Businesses are paying out billions each year to save their proprietary and/or customer data—and paying only makes things worse.
The sharp rise in ransomware has forced building owners to take a serious look at their IT infrastructure. This is alongside adapting to the challenges of the pandemic and managing a remote workforce. Interestingly, some security experts point to remote work as one cause for the increase in ransomware. Since employees are no longer behind corporate firewalls, their home-based laptops and mobile devices become “attack vectors” for gaining entry to company networks.
Remote entry points are also an issue for building control systems. As buildings become more connected and “smart”, the threat of data breaches increases. That’s because system integration, IoT devices, and building automation systems (BAS) increase connectivity and wireless operation. It’s a problem the U.S. government has known about since 2015 after the GAO warned of a 74% jump in cyber incidents involving government-owned industrial control systems.
Building control systems like BAS/BMS connect hundreds of devices and sensors that make up systems like fire, access, HVAC, electrical, and lift. Connectivity makes it easier for cybercriminals to make their way to more sensitive data because there are more paths to follow. Wireless and IoT devices make networks vulnerable to remote Wi-Fi exploits and password hacks. These potential data breaches and financial losses from malware are why property teams need to practice effective cybersecurity habits.
Set Up Multiple User Accounts
One good security habit to adopt is proper account creation and assignment to your team. To save time and hassle, some building managers create and share one master admin account among their team members. It’s tempting when someone needs to make a few quick changes to simply email your login and password. However, this puts your BAS at risk of cyberattack if those credentials are misplaced or abused. To be cyber safe, create both admin and user level accounts and assign them to each employee.
Almost all BAS software lets you create multiple accounts and at various levels of access. Individual account creation does three key things:
It ensures inexperienced members aren’t given access to critical controls.
It makes sure user actions are recorded by the system.
It helps users work more effectively.
Modern BAS systems track what users do, which is helpful when things in the system are improperly changed. If everyone signs into the system with the same account, then you can’t tell who did what and when. This can slow down repairs and troubleshooting because you must rely on faulty human memory instead of an accurate digital record. Also, when inexperienced or new users sign into an admin account, they may spend an inordinate amount of time searching for the tool or feature they need. User-level account interfaces are simplified for this reason. Too many options can tank productivity by forcing workers to waste time navigating a complex interface looking for a single item.
Password Creation
Creating strong passwords is one of the most impactful cybersecurity habits you can adopt. Too often folks continue to use highly predictable pass codes (e.g., “123455” or “Qwerty”) to secure their most sensitive data. What’s worse, most of us also use these same flimsy passwords for all our accounts. It’s behavior that’s too predictable, and predictability is the Achilles’ heel of security.
Make sure your team knows password best practices. When it comes to password creation, length and complexity matter. Passwords should be at least 8 characters long and include special characters (e.g., @!&) and numbers. The longer the password the better; however, there’s a limit to how many characters a person can hold in long term memory. To combat the memorization problem, use passcodes instead.
Passcodes are acronyms made from random words or long sentences. To create a passcode, use the first letter of each word to form your password. For example: “My cat whiskers is 3 years old and likes to have her belly rubbed.” This sentence (which is personal and easy to remember) becomes the password: “mcwi3yoalthhbr”. Then, swap in a few special characters, and you’re good to go.
If passcodes seem too complex, make your life 100% easier by simply using a password manager. These cloud-based apps create and store complex passwords for you. They will even fill in the form fields for you, saving you valuable time. Most apps have free or inexpensive annual plans, so investment is minimized, while time savings and security are maximized.
Suspicious Link Detection
A building’s devices aren’t its only weak spots. In fact, occupants are often the major sources of malware. Cybercriminals can use social engineering to trick employees into opening phishing emails and navigating to fake websites. The tactic is called a “pharming attack” and is a common way for hackers to steal an employee’s username and password. The fake website looks and feels like the authentic one, but it’s a duplicate. Employees unwittingly enter their username and password, which is recorded and used to gain entry to the account.
Hackers design phishing emails and fake websites to look like official corporate digital assets, often using the same branding, logos, language, etc. Most are convincing enough to fool an employee who’s under a bit of stress and/or not paying attention. However, there are a few tell-tale signs to look for:
Salesy Language. Cybercriminals often employ high-pressure sales language or scare tactics. Phishing emails may claim “suspicious activity” or fake “charges” to user accounts to entice holders to hastily move to fix “issues” without first confirming the source of the emails.
Grammar mistakes. Often cybercriminals don’t speak your native language, so look for any grammar mistakes or misspellings. These are extremely rare in authentic corporate emails and are a sure sign of a fake.
Pixelated logos. Hackers use official logos to trick email recipients, but often these logos are hastily copied and pasted from websites and may be incorrectly sized resulting in pixelated or strange looking images.
Strange URLs. URLs have two parts: the hypertext (e.g., “Contact Us”) and the address (e.g., https://7nox.com/). Never trust the hypertext to tell you where the link goes. Always check the URL address. To do this, hover your cursor over the text without clicking and read the URL displayed in the bottom left corner of your browser. The URL should contain the company’s address. If it’s simply a long string of strange characters, it may be a pharming attack.
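The hover check from the “Strange URLs” tip can also be run automatically over an HTML email body. The Python below is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"7nox.com"}  # assumption: domains your company really links to

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):  # lowercase hostname; "" when missing or unparsable
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def shown_host(text):  # host the visible text claims, if the text looks like a URL
    looks_like_url = "." in text and " " not in text
    return host_of(text if "://" in text else "//" + text) if looks_like_url else ""

def is_trusted(host):  # exact match or a true subdomain, never a substring
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html):  # (text, href, reason) per link failing the hover check
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        real, shown = host_of(href), shown_host(text)
        if shown and shown != real:
            findings.append((text, href, f"text shows {shown}, link goes to {real}"))
        elif not is_trusted(real):
            findings.append((text, href, f"{real or 'no host'} is not a company domain"))
    return findings

SAMPLE_EMAIL = (  # constructed sample, not a real message
    '<a href="https://7nox.com/contact">Contact Us</a>'
    '<a href="https://7nox.com.account-verify.example/login">https://7nox.com/login</a>'
    '<a href="https://7nox.com@203.0.113.9/reset">Reset password</a>')
```

Calling suspicious_links(SAMPLE_EMAIL) passes the first link and flags the other two: in both, the company name appears in the address, but the host the browser would actually contact is a different one.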
BAS Backups
Make sure your BMS provider backs up your BAS/BMS system on a regular basis. Backups keep your system secure against ransomware attacks, which rely on businesses not having copies of their data. Plus, system backups ensure redundancies when your system goes down or when you shut your building down for changes. If controller settings aren’t “persistent” they may not be saved during a reboot of your BMS. It’s critical that you have backups to ensure these changes are saved.
Conclusion
While building automation and connectivity bring many wonderful things to the built environment, they do require owners and managers to make their IT and OT more resilient. However, without proper training of staff, these technical efforts may prove fruitless. In cybersecurity, humans are often the weakest link. That’s why cybersecurity shouldn’t be simply a training box to tick at the end of the year. It should be an ongoing attitude and effort by all employees. Focus your training on seasoned staff, who may be laxer in their habits, and on newcomers who may have few habits at all.