Paul McCarthy, our CTO, is featured in the March edition of PFM to share advice on how CAFM systems can be protected from cyber security threats.
Statistics released by the UK Government last year showed that 39% of UK businesses had identified a cyber attack. Of those attacks, 83% were phishing attempts – when the attacker attempts to trick someone into clicking a bad link or downloading malicious software.
According to data from FireEye, 70% of people open and read a phishing email. We all like to think we’ll never fall for a scam, but as attacks become more advanced there is always a risk. In the FM sector, that risk increases with the implementation of more technology and smart devices. A CAFM (Computer Aided Facilities Management) system brings many benefits, but, as with any new system implementation, organisations must ensure that strong cyber security protocols are in place. That includes training employees and adding extra layers of security.
BYOD
A bring your own device (BYOD) policy advises employees on what devices they can or cannot use for work purposes, and how use of those devices is regulated. Remote working has likely led to increased usage of personal devices for work purposes, while the nature of FM means that many people are based on site and using a tablet or phone. A robust BYOD policy should ensure that security settings on a device are enabled and up-to-date, and that anti-malware tools are installed. Staff should also receive advice on securing their device (PIN, fingerprint or face recognition lock), downloading apps and data, and not clicking on unexpected links or pop-ups, as well as guidance on what to do should they lose a device or think they’ve clicked on a suspicious link. Tessian cites a survey in which 83% of respondents with relaxed BYOD usage saw increased security issues, so it’s a key step to take to safeguard your IT network.
Multi-factor authentication
Multi-factor authentication (MFA) is when software requires an additional form of approval after entering a password. This might be a code sent to your email address or mobile phone, or answering a security question. An increasing number of software providers now make MFA compulsory, as many hacking attempts can be attributed to weak passwords.
User permissions
If you have multiple users of a system, it’s unlikely that you’ll want everyone to have access to the full suite of information, both for data security and for GDPR compliance. You might want to prevent some users from accessing sensitive information, or simply improve the user experience by only giving them access to relevant information, such as data from the site they work at. Any robust CAFM system will offer flexibility in terms of user security, so that roles can be assigned to individuals and they can only access information relevant to their job role. This helps to protect your data and that of your customers, suppliers and contacts.
Hosting
Cloud hosting can often offer greater security and peace of mind than storing data and CAFM applications on site. CAFM hosting providers offer dedicated security teams, robust security protocols, backups and disaster recovery strategies that in-house IT teams often simply cannot match.
Keep your software updated
My final tip may seem obvious but it’s always worth repeating. If you’re looking for a CAFM provider, verify its security credentials, such as ISO 27001 or Cyber Essentials. These accreditations are provided by independent bodies and ensure that strong processes are in place to prevent attacks, including robust development methodologies and regular penetration testing to mitigate cyber risk.
Here at SWG, we have been ISO 27001 accredited for many years, and the ISO 27001 principles run through every aspect of the way in which we develop, deliver and support our CAFM products, to ensure optimum levels of security for our customers.
Following these five tips will ensure you have a comprehensive barrier set up to prevent cyber attacks, and you can spend your time making the most out of your CAFM software.