Paul McCarthy, our CTO, is featured in the March edition of PFM to share advice on how CMMS systems can be protected from cyber security threats.

Statistics released by the UK Government last year showed that 39% of UK businesses had identified a cyber attack. Of those attacks, 83% were phishing attempts – when the attacker attempts to trick someone into clicking a bad link or downloading malicious software.

According to data from FireEye, 70% of people open and read a phishing email. We all like to think we’ll never fall for a scam, but as attacks become more advanced there is always a risk. In the FM sector, that risk increases with the implementation of more technology and smart devices. A CMMS (Computerised Maintenance Management System) brings many benefits, but, as with any new system implementation, organisations must ensure that strong cyber security protocols are in place. That includes training employees and adding extra layers of security.


A bring your own device (BYOD) policy advises employees on what devices they can or cannot use for work purposes, and how use of those devices is regulated. Remote working has likely led to increased usage of personal devices for work purposes, while the nature of FM means that many people are based on site and using a tablet or phone. A robust BYOD policy should ensure that security settings on a device are enabled and up-to-date, and that anti-malware tools are installed. Staff should also receive advice on ensuring device security (PIN, fingerprint or face recognition lock), downloading apps and data, and not clicking on unexpected links or pop-ups, as well as guidance on what to do should they lose a device or think they’ve clicked on a suspicious link. Tessian cites a survey in which 83% of those with relaxed BYOD usage saw increased security issues, so it’s a key step to take to safeguard your IT network.

Multi factor authentication

Multi factor authentication (MFA) is when software requires an additional form of approval after you enter a password. This might be a code sent to your email address or mobile phone, or answering a security question. An increasing number of software providers now make MFA compulsory as many hacking attempts can be attributed to weak passwords.

User permissions

If you do have multiple users of a system, it’s unlikely that you’ll want everyone to have access to the full suite of information, to ensure data security as well as GDPR compliance. You might want to prevent some users from accessing sensitive information, or simply improve the user experience by only giving them access to relevant information, such as data from the site they work at. Any robust CMMS system will offer flexibility in terms of user security, ensuring that roles can be assigned to individuals to guarantee they can only access information relevant to their job role. This helps to protect your data and that of your customers, suppliers and contacts.


Cloud hosting can often offer greater security and peace of mind than storing data and CMMS applications on site. CMMS hosting providers offer dedicated security teams, robust security protocols, backups and disaster recovery strategies that in-house IT teams often simply cannot match.

Keep your software updated

My final tip may seem obvious but it’s always worth repeating. If you’re looking for a CMMS provider, verify its security credentials, such as ISO 27001 or Cyber Essentials. These accreditations are provided by independent bodies and ensure that strong processes are in place to prevent attacks, including robust development methodologies and regular penetration testing to mitigate cyber risk. Here at SWG, we have been ISO 27001 accredited for many years, and the ISO 27001 principles run through every aspect of the way in which we develop, deliver and support our CMMS products, to ensure optimum levels of security for our customers. Following these five tips will ensure you have a comprehensive barrier set up to prevent cyber attacks, and you can spend your time making the most out of your CMMS software.



