It’s a scenario most property managers don’t think about until it’s too late.
A tenant calls. Their network was compromised. Customer data, financial records, personal information — accessed by someone who shouldn’t have had it. And now they want to know one thing: how did this happen?
The answer might trace back to your building.
When a property shares infrastructure — internet connections, Wi-Fi access points, building automation systems, a managed network — a breach becomes a complex situation quickly. Liability depends on contracts, regulations, insurance coverage, and the specific circumstances of the incident. Property managers should work with legal and insurance professionals to understand their obligations. But what you can control is the technology risk underneath all of it — and that’s where most properties fall short.
The Lines Are Blurrier Than You Think
Here’s what most building owners and property managers don’t realize: attackers don’t always go straight for the target. They look for the path of least resistance — and in commercial buildings, that path often runs through shared infrastructure.
Building automation systems that control lighting, climate, and elevators are increasingly internet-connected. Leasing office computers, resident portals, property management software, vendor access accounts, staff laptops — all of it represents potential exposure. If any of those systems have weak credentials, outdated software, or no monitoring in place, they become entry points.
A compromised building system doesn’t just disrupt operations. It can serve as a foothold into the broader network environment that your tenants depend on.
What Your Lease Probably Doesn’t Cover
Most commercial leases include some language around network use and IT responsibilities. Most of it was written before buildings got smart and before cyber threats became a daily reality.
Standard lease language typically addresses things like who provides internet connectivity, acceptable-use policies for shared infrastructure, and basic IT responsibilities between landlord and tenant. What it often doesn’t address is what happens when shared infrastructure becomes part of a security incident.
That gap is where disputes tend to happen. Work with legal counsel who understands both commercial real estate and data privacy law to make sure your agreements reflect today’s environment — not the one from ten years ago.
“We Didn’t Know” Isn’t a Defense
Even when lease language protects against direct liability, there’s a harder exposure: demonstrating that reasonable security practices were in place.
If an investigation reveals that your building had known, unaddressed vulnerabilities — outdated firmware on network equipment, unmonitored access points, default passwords on building systems — that becomes part of the story. Courts and regulators look at what you knew, what you should have known, and what you did about it.
Having no IT security program doesn’t limit your exposure. In many situations, it increases it.
How to Reduce Your Exposure
The good news: most of this risk is manageable if you’re ahead of it. Here’s what that looks like in practice.
Know what’s on your network. Every device connected to your building’s infrastructure is a potential entry point — smart thermostats, IP cameras, badge readers, elevator controllers, staff devices, and vendor systems. They all need to be inventoried and maintained.
Segment your network. Tenant traffic and building systems should operate with clear, enforced boundaries between them. Proper segmentation limits how far an attacker can move if they do get in.
Keep systems patched and updated. Outdated firmware and unpatched software are among the most common causes of successful attacks. This applies to building systems just as much as it does to computers.
Monitor continuously. 24/7 network monitoring and intrusion detection means problems get caught early — not weeks later when the damage is done.
Manage access tightly. Administrator password management, controlled vendor access, and strong authentication across staff and tenant-facing systems all reduce the likelihood of unauthorized entry.
Back up your data. Backup and disaster recovery isn’t just for catastrophic events. It’s what allows operations to continue when something goes wrong — and something always eventually does.
Document your security practices. If something does go wrong, being able to show that you had a security program in place — monitoring, patch management, network security — matters when liability is being sorted out.
The Bottom Line
A data breach involving your building’s infrastructure isn’t automatically your legal problem — but it can become a very costly one if the right security practices weren’t in place. The organizations that navigate these situations best are the ones that didn’t wait for something to go wrong before taking IT security seriously.
If you’re not sure where your building stands from a technology risk standpoint, that’s the most important thing to find out.
LG Networks provides managed IT services for commercial real estate owners, property managers, and multi-site businesses across Dallas and the broader DFW area. Our services include 24/7 monitoring, patch management, intrusion detection, antivirus management, spam filtering, managed Wi-Fi, network security, backup and disaster recovery, and IT support — the full security foundation that helps reduce your exposure before a problem starts. Reach out to start a conversation.






