Enquire Search
CAFM software cyber security

Toasters that give the perfect shade for any slice; fish tanks that create the perfect aquatic environment; refrigerators that reorder essentials when stocks get low – anything and everything can now be made smart to make our lives easier at home and work. However, this growing number of smart devices requires smart thinking as any connected hardware or software can be a target for cyber threats. Cloud provider VMware’s Global Incident Response Threat Report 2022 found 65% of respondents reported increased cyberattacks since Russia invaded the Ukraine, on top of already heightened threat levels during the pandemic.

Facilities management teams are frequently turning to smarter ways of working to improve their costs and efficiency, as well as making the workplace more inviting and productive for employees. This could take the form of air quality sensors, asset sensors or something more fundamental like CAFM software. A CAFM system could be run across hundreds of users on hundreds of devices causing potential exposure for a business, but there are a number of simple steps that can mitigate security threats.

1) Keeping your software updated

Good CAFM vendors invest significant resources into making their software secure from hackers. Regular penetration testing, which simulate cyberattacks against the software, throughout development and beyond mean vulnerabilities can be identified and removed, as well as weekly scans to ensure code security. Updates to protect against new threats are released as patches that can be downloaded on the latest version of the software, so it’s essential to keep your CAFM updated. FMs should look to buy a CAFM solution from a vendor with cybersecurity credentials, such as ISO 27001 or Cyber Essentials. These prove vigorous checks have been undertaken by an independent awarding body to confirm strong information security processes are in place.

2) Cloud hosting

For additional peace of mind, FMs can choose to host software in the cloud instead of on their own premises. As well as the operational benefits of being able to access the CAFM from any browser window and removing server maintenance work from the in-house IT team, cloud hosting can also offer exceptional security. SWG offers hosting of QFM and P3rform software with Microsoft Azure, one of the most innovative and secure infrastructures available. Microsoft has dedicated security teams working around the clock, with comprehensive monitoring services and data privacy compliance to global and country-specific standards.

3) Multi factor authentication

Enterprise software is designed to be accessible to your whole team, and this can mean hundreds of logins. Multi factor authentication (MFA) or 2 factor authentication (2FA) can add an additional layer or security should a hacker get hold of a user password. MFA requires a second form of approval after a password has been entered, for example entering a code delivered to the registered user’s email or phone, answering a security question, or presenting a fingerprint. 80% of hacking-related breaches can be attributed to weak or compromised passwords, so implementing MFA in addition to password complexity rules at your organisation can add significant protection.

4) User permissions

QFM offers administrators the opportunity to define access rights for different users. This is to limit access and ensure potentially sensitive information is not accessible, but can also benefit the user by streamlining their journey. For example, user permissions could be placed on room bookings so that users in a geographical region can only view local spaces rather than having to filter through all room types; some types of reporting could be restricted to employees at manager level and above; or the ability to be able to change software settings can be limited depending on the user.

5) BYOD policy

A 2022 report by Proofpoint, leading cyber security and compliance company, found that 79% of respondents stated that the increase in home working had adversely affected their organisation’s cyber security. 41% allow employees to use their own phones / tablets to access corporate systems and data, so in order to minimise the risk of breaches, organisations must implement a BYOD (bring your own device) policy. This involves either banning them, so unapproved devices are blocked from downloading CAFM software for example, or else a policy created to advise and regulate their usage. This could include ensuring security settings are switched on and up-to-date, anti-malware tools are installed and apps regularly updated. All staff should be educated on what to do should their device to lost / stolen, or they’ve clicked on a suspicious link.


For more information about how Service Works Global maintains robust security for its market leading CAFM software, QFM, contact us here.

Keep up to date on the latest industry and technology developments: sign up to receive SWG’s blog delivered straight to your inbox: