5 Ways facilities managers cxan help strengthen cybersecurity
We all know how important it is to maintain and optimize your physical office space, but what about your digital office space? The online systems and software you use as a facility manager are vital to your daily tasks. In order for your employees to get their work done, they need to be able to use your technology confidently and securely.
"Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity."
1. Protect your building management system
Your building management system involves multiple operations, staff and personnel. You need to have certain protocols in place for handling vendors and other offsite staff who might be using your networks.
Even if you have other people maintaining your networks, it’s your responsibility to take control of the system. When choosing external vendors that use your networks for certain purposes, make sure you're aware of the information they have access to, how they are using the information and that they too have security measures in place.
OfficeSpace Software is a SaaS solution that ensures all of these aspects and works closely with your IT department on a ongoing basis, so you can spend more time managing your facility and less time worrying about your software.
2. Ensure employees are aware of security issues
Take the time to train employees on protecting sensitive information. Employees should not to leave loose papers in printers, fax machines, or conference rooms. Documents containing sales reports, customer details, and personal information should be treated as confidential. All doors and file cabinets should be locked at the end of the day to avoid theft and info leaks.
Implementing a culture that encourages and perhaps even rewards whistleblowing can be crucial to ensuring your employees follow these security guidelines.
Passwords should changed regularly and committed to memory, not written down on paper. Computers users should log off of their accounts of at the end of the day. Each system should have the latest anti-virus software, and wireless networks should be well-protected. To keep documents secure among a mobile workforce, files should be stored using cloud-based software. (And while employees should know better than to discuss company information on social media networks, take the time to create a social media policy outlining what is not appropriate for sharing.)
Having simple user IDs and passwords creates a weak link that hackers can exploit. It’s important to create a policy for both password and ID creation. Depending on the software you’re using, you might be able to embed password creation protocols into the system.
If you can’t, then make sure your company's passwords follow these rules:
• They should be unique (include a mix of lowercase and uppercase letters as well as numbers).
• They should only be assigned to a single person.
• They should be updated on a regular basis.
• They should be changed the moment staff leaves or transfers.
Want a detailed IT Password Policy template, so you can incorporate into your facilities management strategy? Click here.
That said, it can be tough for employees to remember so many passwords for different accounts. Consider implementing a password manager, to help manage that process.
3. Monitor and protect easy access points
It’s easy to obsess over large scale systems and processes for password management, but sometimes we neglect the things that are right in front of us. For example, it’s a good idea to inspect your building for any easy access DSL points you might not even know exist.
Sometimes these lines will be installed by facility staff in order to simplify maintenance, but an unprotected line can create an entry point for hackers.
When it’s time to replace old computers, destroying the hard drive is an absolute must. According to The Denver Post, while special software can replace the computer’s information with random data, some experts say that the replacement process must occur three times to be effective. As with paper shredding, you can also hire outside services to destroy your hardware. The safest thing, however, may just be to take a hammer to the hard drive yourself.
4. Consistently update your company software
Make sure all of your software is up-to-date by downloading the latest patch for every program you use often (but always ensure you create a backup before you update in case a patch introduces problems). Most software development is reactionary — meaning updates to the codebase usually occur after certain entry points are found. Failing to regularly update your software is essentially the same as leaving your front door wide open.
5. Protect IT data
Make sure that your WiFi network and any internal networks you use for information sharing are encrypted and password protected. Even setting up basic web filters will help prevent employees from visiting non-secure websites that might install malware on the local network.
When explaining to employees why their access is restricted, frame your reasoning as a need to protect company software and data. It’s not a limitation of staff freedom; it’s a preventative measure for their security and the company's.
While master keys are convenient, they do pose a security risk. Picklocks can use a technique called “rights amplification” to make a copy of the key—a major risk for areas holding server rooms. To protect against break-ins, FacilitiesNet writer Lynn Proctor Windle suggests purchasing locks with “high-security cylinders,” which are not available for sale to the general public. Another good practice when choosing lock systems is to check its UL 437 rating, which ranks the lock’s ability to withstand security breaches.
Sometimes it can seem unclear whether a security issue should fall under facilities or IT. This is all the more reason to establish a culture of mutual accountability. If one department thinks that the other will take care of the matter, then neither may end up attending to it at all.
As a facility manager you have a lot on your plate, but by taking security precautions now, you can avoid a slip up in the future. Maintaining your cybersecurity might take a little extra time, but it’s time well spent.