Enquire Search

Paul McCarthy, our CTO, is featured in the March edition of PFM to share advice on how IWMS can be protected from cyber security threats.

Statistics released by the UK Government last year showed that 39% of UK businesses had identified a cyber attack. Of those attacks, 83% were phishing attempts – when the attacker attempts to trick someone into clicking a bad link or downloading malicious software.

According to data from FireEye, 70% of people open and read a phishing email. We all like to think we’ll never fall for a scam, but as attacks become more advanced there is always a risk. In the FM sector, that risk increases with the implementation of more technology and smart devices. An IWMS (Integrated Workplace Management System) brings many benefits, but, as with any new system implementation, organizations must ensure that strong cyber security protocols are in place. That includes training employees and adding extra layers of security.

BYOD

A bring your own device (BYOD) policy advises employees on what devices they can or cannot use for work purposes, and how use of those devices is regulated. Remote working has likely led to increased usage of personal devices for work purposes, while the nature of FM means that many people are based on site and using a tablet or phone. A robust BYOD policy should ensure that security settings on a device are enabled and up-to-date, and that anti-malware tools are installed. Staff should also receive advice on ensuring device security (PIN, fingertip or face recognition lock), downloading apps and data, not clicking on unexpected links or pop-ups, and guidance should they lose a device or think they’ve clicked on a suspicious link. Tessian cites a survey that 83% with relaxed BYOD usage saw increased security issues, so it’s a key step to take to safeguard your IT network.

Multi factor authentication

Multi factor authentication (MFA) is when software requires an additional form of approval after entering a password. This might be a code send to your email address or mobile phone, or answering a security question. An increasing number of software providers now make MFA compulsory as many hacking attempts can be attributed to weak passwords.

User permissions

If you do have multiple users of a system, it’s unlikely that you’ll want everyone to have access to the full suite of information, to ensure data security as well as GDPR compliance. You might want to prevent some users from accessing sensitive information, or simply improve the user experience by only giving them access to relevant information, such as data from the site they work at. Any robust IWMS will offer flexibility in terms of user security, ensuring that roles can be assigned to individuals to guarantee they can only access information relevant to their job role. This helps to protect your data and that of your customers, suppliers and contacts.

Hosting

Cloud hosting can often offer more increased security and peace of mind than storing data and IWMS applications on site. IWMS hosting providers offer dedicated security teams, robust security protocols, backups and disaster recovery strategies that in-house IT teams often simply cannot match.

Keep your software updated

My final tip may seem obvious but it’s always worth repeating. If you’re looking for a IWMS provider, verify its security credentials, such as ISO 27001 or Cyber Essentials. These accreditations are provided by independent bodies and ensure that strong processes are in place to prevent attacks, including robust development methodologies and regular penetration testing to mitigate cyber risk. Here at SWG, we have been ISO 27001 accredited for many years, and the ISO 27001 principles run through every aspect of the way in which we develop, deliver and support our IWMS products, to ensure optimum levels of security for our customers. Following these five tips will ensure you have a comprehensive barrier set up to prevent cyber attacks, and you can spend your time making the most out of your IWMS.

 

 

FM Audits - improve quality and speed
September 2024

Audits: How to Inspect the Uninspected

Learn how automated audits help FMs improve compliance, cut costs, and maintain high standards across sites.

Read more
September 2024

Using Software for Safety Compliance in Residential Care

We explain how implementing CAFM software can help Aged Care providers automate maintenance, enhance compliance, and improve resident safety.

Read more
How is smart technology affecting facilities management?
September 2024

Technology in FM: An FM Industry Temperature Check

We explore the new technologies in FM, AI and IoT, the challenges facility managers face, hybrid working and sustainability.

Read more