Paul McCarthy, our CTO, is featured in the March edition of PFM to share advice on how CMMS systems can be protected from cyber security threats.
Statistics released by the UK Government last year showed that 39% of UK businesses had identified a cyber attack. Of those attacks, 83% were phishing attempts – when the attacker attempts to trick someone into clicking a bad link or downloading malicious software.
According to data from FireEye, 70% of people open and read a phishing email. We all like to think we’ll never fall for a scam, but as attacks become more advanced there is always a risk. In the FM sector, that risk increases with the implementation of more technology and smart devices. A CMMS (Computerised Maintenance Management System) brings many benefits, but, as with any new system implementation, organisations must ensure that strong cyber security protocols are in place. That includes training employees and adding extra layers of security.
A bring your own device (BYOD) policy advises employees on what devices they can or cannot use for work purposes, and how use of those devices is regulated. Remote working has likely led to increased usage of personal devices for work purposes, while the nature of FM means that many people are based on site and using a tablet or phone. A robust BYOD policy should ensure that security settings on a device are enabled and up to date, and that anti-malware tools are installed. Staff should also receive advice on ensuring device security (PIN, fingerprint or face recognition lock), downloading apps and data, and not clicking on unexpected links or pop-ups, as well as guidance on what to do should they lose a device or think they’ve clicked on a suspicious link. Tessian cites a survey in which 83% of those with relaxed BYOD usage saw increased security issues, so it’s a key step to take to safeguard your IT network.
Multi factor authentication
Multi factor authentication (MFA) is when software requires an additional form of approval after a password is entered. This might be a code sent to your email address or mobile phone, or an answer to a security question. An increasing number of software providers now make MFA compulsory, as many hacking attempts can be attributed to weak passwords.
Cloud hosting can often offer greater security and peace of mind than storing data and CMMS applications on site. CMMS hosting providers offer dedicated security teams, robust security protocols, backups and disaster recovery strategies that in-house IT teams often simply cannot match.
Keep your software updated
My final tip may seem obvious but it’s always worth repeating. If you’re looking for a CMMS provider, verify its security credentials, such as ISO 27001 or Cyber Essentials. These accreditations are provided by independent bodies and ensure that strong processes are in place to prevent attacks, including robust development methodologies and regular penetration testing to mitigate cyber risk. Here at SWG, we have been ISO 27001 accredited for many years, and the ISO 27001 principles run through every aspect of the way in which we develop, deliver and support our CMMS products, to ensure optimum levels of security for our customers. Following these five tips will ensure you have a comprehensive barrier set up to prevent cyber attacks, and you can spend your time making the most out of your CMMS software.