Dialed In
Navigating stricter cybersecurity regulations
Stricter cybersecurity regulations are reshaping how facilities deploy and approve remote monitoring devices. As cyber threats increase, organizations are tightening control over any technology that connects to their internal networks. This is especially true for systems accessed remotely by contractors, vendors or facility managers.
Organizational networks are prime targets for cyberattacks. Any system that allows remote access can unintentionally create vulnerabilities that cybercriminals exploit to steal data, install malware or move laterally through a network. While remote monitoring devices quickly detect problems at facilities and send alerts, they can also expose sensitive systems if not properly secured.
Organizations commonly rely on HVAC controls, boiler systems, refrigeration units, automation sensors and IoT devices to manage operations off-site. Without strong cybersecurity controls, these systems can quickly become entry points for attacks. In 2025 there were on average 820,000 malicious IoT hacking attempts every day, a 46 percent increase from the previous year, underscoring the need for stronger security frameworks. The average cost of a data breach is US$4.88 million, but in the United States that cost reached US$10.2 million in 2025, a 9 percent increase from 2024, according to IBM.
When it comes to remote monitoring systems, using cellular-connected devices instead of tying equipment into internal networks enables organizations to reduce cybersecurity risk and keep operations running smoothly. Cellular remote monitoring also supports regulatory and cyber-insurance requirements by minimizing exposure to third-party access.
Growth of attack opportunities in industrial environments
The growth of operational connectivity has significantly expanded opportunities for cyberattacks. Historically, building management systems and industrial control systems operated in isolated environments. Today, remote diagnostics, predictive maintenance, cloud dashboards and vendor support often require connectivity beyond facility walls.
When these systems connect directly to internal IT networks, they create potential pathways between operational systems and enterprise infrastructure. Even if a remote monitoring device itself stores limited data, attackers can use it as an entry point to access more critical systems.
Recent high-profile ransomware incidents have demonstrated how attackers exploit weak access points, like unmanaged IoT devices, to disrupt operations. As a result, organizations are reevaluating how and where remote monitoring devices connect.
Cybersecurity standards driving change
There is no single solution to securing remote monitoring devices, but many organizations rely on established cybersecurity standards and best practices to manage risk effectively. Key frameworks shaping device approval and access include:
By integrating best practices from these frameworks, organizations are significantly reducing cyber risk. According to industry reports, more than 68 percent of hospitals, 90 percent of enterprises and 57 percent of mid-to-large manufacturers now apply elements of the NIST Cybersecurity Framework. These efforts help limit attack paths and prevent remote monitoring devices from becoming weak links in network security.
Cyber insurance requirements add pressure
In addition to regulatory frameworks, cyber insurance carriers are tightening underwriting standards. Many insurers now require documented cybersecurity controls before issuing or renewing policies.
Common requirements include:
- multifactor authentication (MFA)
- network segmentation
- device inventory documentation
- access logging and monitoring
- vendor access management controls
If a remote monitoring device connects directly to the corporate network, insurers may require evidence that it meets security standards and that access is properly restricted. Failure to comply can lead to higher premiums, coverage exclusion or denied claims following a cyber incident. This added scrutiny is accelerating the shift toward solutions that minimize network exposure.
Impact on contractors & FM
As cybersecurity requirements become stricter, contractors and FMs face increased responsibilities when connecting devices to corporate networks. Common requirements now include:
- Formal approval processes: Authorization is required before network access is granted, often involving VPN credentials, certificates or other approved authentication methods.
- Strong authentication: Secure passwords and multifactor authentication are required to ensure that only verified users and devices gain access.
- Device security compliance: Remote monitoring devices must meet organizational security standards, including proper configuration, updated firmware and secure communication protocols.
- Controlled network usage: Devices may only connect through approved network segments, VLANs or VPN tunnels following role-based access principles.
- Monitoring, logging & auditing: Accurate logs must be generated and reviewed for compliance.
- Training & awareness: Required cybersecurity training ensures all parties understand organizational policies and operate connected devices securely.
For outside contractors, these requirements can significantly delay deployment of services. For FMs, they create administrative burdens that can slow maintenance and service operations.
Why organizations are moving to cellular remote monitoring
Gaining access to corporate networks has become increasingly time-consuming. Contractors often face delays caused by security assessments, compliance reviews and IT onboarding processes before they can begin work.
For example, HVAC or boiler maintenance contractors may need remote access to check system status, receive alarms or run diagnostics. In some facilities, they receive temporary or restricted access. Under stricter cybersecurity rules, even limited network access can take weeks to approve. These delays can postpone preventive maintenance, extend downtime and reduce responsiveness during emergencies.
By using cellular-connected devices instead of tying equipment into internal networks, organizations can reduce cybersecurity risk and keep operations running smoothly. Cellular remote monitoring supports regulatory and cyber insurance requirements by minimizing exposure to third-party access.
Because the device does not connect to the corporate LAN, it eliminates many of the approval hurdles associated with IT-managed network access.
Comparing network-based vs. cellular remote monitoring
A sensible path forward
As cybersecurity threats evolve, organizations are shifting from reactive defenses to proactive risk reduction. Rather than granting direct access to internal networks for remote monitoring devices, many organizations are reevaluating whether such access is necessary at all.
Cellular remote monitoring offers a safer, simpler and more secure alternative. By separating monitoring devices from corporate IT infrastructure, organizations can maintain operational visibility without compromising network security.
As regulations tighten and insurance requirements expand, solutions that reduce exposure while maintaining reliability will continue gaining traction. For contractors, FM and IT teams, cellular remote monitoring represents a practical path forward, helping facilities stay compliant, efficient and protected.
Dave DeFusco is vice president of engineering at Sensaphone, a developer and manufacturer of remote monitoring and alerting systems. For more than 20 years he has been involved in the design of monitoring and control systems for facility managers in many areas including water and wastewater, healthcare, data centers, commercial greenhouse operations, food and beverage, HVACR and agriculture.
References
IoT Hacking Statistics 2026 | Global Trends and Key Insights, Malware.News, https://malware.news/t/iot-hacking-statistics-2026-global-trends-and-key-insights/103975
Cyber Insurance Outlook: Emerging Risks, Underwriting Trends, and Strategic Insights, Burns & Wilcox, https://www.burnsandwilcox.com/insights/cyber-insurance-outlook-emerging-risks-underwriting-trends-and-strategic-insights/
IEC 62443, AMDT, https://amdt.com/en/resources/glossary/iec-62443
ISO/IEC 27001:2022, https://www.iso.org/standard/27001
NIST Cybersecurity Framework Adoption & Industry Analysis, ACSMI, https://acsmi.org/blogs/nist-cybersecurity-framework-adoption-original-data-amp-industry-analysis-2025
IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements, NIST Computer Security Resource Center, https://csrc.nist.gov/pubs/sp/800/213/final
Cyber Insurance Requirements Are Getting Tougher: What Every Organization Must Know in 2026, SecureAIT, https://www.secureait.com/2025/12/09/cyber-insurance-requirements-are-getting-tougher-what-every-organization-must-know-in-2026/
Top 13 Secure Remote Access Best Practices in 2025, Venn, https://www.venn.com/learn/secure-remote-access/secure-remote-access-best-practices/