Enquire Search

Paul McCarthy, our CTO, is featured in the March edition of PFM to share advice on how IWMS can be protected from cyber security threats.

Statistics released by the UK Government last year showed that 39% of UK businesses had identified a cyber attack. Of those attacks, 83% were phishing attempts – when the attacker attempts to trick someone into clicking a bad link or downloading malicious software.

According to data from FireEye, 70% of people open and read a phishing email. We all like to think we’ll never fall for a scam, but as attacks become more advanced there is always a risk. In the FM sector, that risk increases with the implementation of more technology and smart devices. An IWMS (Integrated Workplace Management System) brings many benefits, but, as with any new system implementation, organizations must ensure that strong cyber security protocols are in place. That includes training employees and adding extra layers of security.


A bring your own device (BYOD) policy advises employees on what devices they can or cannot use for work purposes, and how use of those devices is regulated. Remote working has likely led to increased usage of personal devices for work purposes, while the nature of FM means that many people are based on site and using a tablet or phone. A robust BYOD policy should ensure that security settings on a device are enabled and up-to-date, and that anti-malware tools are installed. Staff should also receive advice on ensuring device security (PIN, fingertip or face recognition lock), downloading apps and data, not clicking on unexpected links or pop-ups, and guidance should they lose a device or think they’ve clicked on a suspicious link. Tessian cites a survey that 83% with relaxed BYOD usage saw increased security issues, so it’s a key step to take to safeguard your IT network.

Multi factor authentication

Multi factor authentication (MFA) is when software requires an additional form of approval after entering a password. This might be a code send to your email address or mobile phone, or answering a security question. An increasing number of software providers now make MFA compulsory as many hacking attempts can be attributed to weak passwords.

User permissions

If you do have multiple users of a system, it’s unlikely that you’ll want everyone to have access to the full suite of information, to ensure data security as well as GDPR compliance. You might want to prevent some users from accessing sensitive information, or simply improve the user experience by only giving them access to relevant information, such as data from the site they work at. Any robust IWMS will offer flexibility in terms of user security, ensuring that roles can be assigned to individuals to guarantee they can only access information relevant to their job role. This helps to protect your data and that of your customers, suppliers and contacts.


Cloud hosting can often offer more increased security and peace of mind than storing data and IWMS applications on site. IWMS hosting providers offer dedicated security teams, robust security protocols, backups and disaster recovery strategies that in-house IT teams often simply cannot match.

Keep your software updated

My final tip may seem obvious but it’s always worth repeating. If you’re looking for a IWMS provider, verify its security credentials, such as ISO 27001 or Cyber Essentials. These accreditations are provided by independent bodies and ensure that strong processes are in place to prevent attacks, including robust development methodologies and regular penetration testing to mitigate cyber risk. Here at SWG, we have been ISO 27001 accredited for many years, and the ISO 27001 principles run through every aspect of the way in which we develop, deliver and support our IWMS products, to ensure optimum levels of security for our customers. Following these five tips will ensure you have a comprehensive barrier set up to prevent cyber attacks, and you can spend your time making the most out of your IWMS.



January 2024

Building a Sustainable Future: How FM Can Lead the Way

This blog creates a blueprint for improving sustainability in the FM sector, exploring how to identify and action sustainable business goals.

Read more
April 2024

Gary Watkins Steps Down as CEO of SWG as Mats Broman Succeeds Him on 1st May

Gary Watkins steps down as CEO of Service Works Global as Mats Broman succeeds him on 1st May 2024.

Read more
Service Works Global turns 30
April 2024

Service Works Global Turns 30

Established in April 1994, the business has gone from strength to strength under CEO Gary Watkins, and with parent company Addnode Group since 2017.

Read more