With the recent Brightly hack of millions of user accounts, you aren’t alone if you are wondering how CMMS or other SaaS software systems secure your data.
We will share what there is to learn from this event about selecting a CMMS. We will also list what you and your team can do to keep your data safe, and your systems able to run maintenance without interruption.
What the Brightly hack means for its customers
At this point, most of us have experienced or been notified that our data has been breached in some way or another. But what does it mean specifically when a CMMS’s data is compromised?
Inconvenience for the maintenance workers using the system
At a minimum, hacks and data breaches present a major inconvenience for the victims of the attack. Going through the process of resetting passwords, informing impacted stakeholders, and performing incident response is a preventable drain on resources.
Breach of trust with the maintenance team’s internal customers
Speaking of informing impacted stakeholders, data breaches can have a big reputational impact. Maintenance teams rely on a lot of user and company data to get their jobs done. And their organizations place a lot of trust in them to manage it well.
In the case of a breach of maintenance data, internal data on operations, productivity, and budgeting is at risk. Organizations trust their maintenance managers and staff to choose their vendors wisely and take steps to protect this data.
Long-term financial and personal consequences
Any data breach carries the risk of long-term financial and personal costs for the users and companies involved. Identity theft and fraud are real risks to individuals, and mitigating or compensating for those risks can be expensive for companies.
What your software vendor should be doing to protect your data
Any cloud-based software vendor you use should be forthcoming about its data security practices during the sales or customer support process. Some industries, such as healthcare and finance, have regulations that govern the sensitive data they store. Beyond those regulations, there are 7 pillars of security that any SaaS company should follow.
- Strong authentication and access management
- Network control
- Perimeter network control
- Vendor management
- Data protection
- Governance and incident management
- Scalability and reliability
How to vet a vendor’s security practices when you aren’t a data security expert
If you are a maintenance manager responsible for finding a CMMS solution at your organization, how do you evaluate a software’s data practices when that isn’t your area of expertise? Here are two approaches:
- Rely on your internal partners in IT. Your company likely has someone on staff with the right expertise to help you evaluate a software’s data security. Use them as a partner in this process.
- Use this as an opportunity to evaluate the vendor’s service. A vendor’s ability to cooperatively explain this complex yet critically important information can tell you a lot about them. If they can’t or aren’t willing to share details, run the other way.
At Limble, our data security practices are designed to keep your account information safe. We use current technologies and industry best practices to maintain a secure infrastructure, including a SOC 2 Type II attestation, regular penetration testing, and continuous security training for our staff. If you would like to review our security practices, we invite you to visit the Limble Trust Center.
What you can do to protect your data
When choosing to partner with a SaaS company, it is easy to feel like your data security depends solely on the vendor. But the truth is that there is a lot you, the user, can do to keep your information safe and secure.
Follow as many of these security best practices as you can, and you will be on your way toward taking control of your data security.
Use a password vault to create and protect strong passwords
Create passwords that are difficult for attackers to guess. Length and randomness matter more than any particular mix of characters, so let your password vault generate long, random passwords for you rather than inventing them yourself. Never reuse a password across accounts: attackers routinely try credentials leaked from one breach against other services, so one reused password can expose several accounts at once.
Store these passwords in your vault, and install the vault's browser extension so you can fill them in without retyping or copying them around. Where a system offers multi-factor authentication, turn it on so that a stolen password alone is not enough to log in.
Perform regular software updates
Attackers often exploit known vulnerabilities in outdated software to gain access to systems. While most updates install automatically, it is best practice to periodically check your operating system, browser, and installed applications for any available updates and to restart when an update requires it.
Be vigilant about phishing scams
Phishing is a common tactic attackers use to trick individuals into revealing sensitive information such as passwords, credit card numbers, or proprietary company information. Be cautious of emails or messages from unverified senders, especially those that ask for sensitive information or press you to act urgently. If a request looks legitimate but unexpected, confirm it with the sender through a channel you already trust, such as a known phone number, rather than by replying to the message.
Use antivirus software
Antivirus software plays an important role in protecting your computer from malware and other malicious software. Run an antivirus program, and keep its definitions current, to maintain a layer of protection on your company-provided devices.
Limit access to sensitive information
Only provide sensitive information (e.g. SSNs, credit card information, personal or customer data) when absolutely necessary. Avoid keeping this information on your local disk; instead, store it in a company-managed cloud drive where access is controlled and can be revoked. Always verify who you are providing sensitive information to before sending it.
Be cautious when using unsecured public Wi-Fi
Unsecured public Wi-Fi networks are unsafe, and attackers on the same network can intercept or tamper with traffic. Avoid accessing sensitive information while using public Wi-Fi. Using a mobile hotspot on your own mobile device is a safer alternative.
Use a VPN
A virtual private network (VPN) can help protect your online privacy and security by encrypting your internet connection. If you regularly access internal systems while traveling or from public Wi-Fi networks, consider using a VPN.
Keep track of your devices
Don't leave your laptop, tablet, or smartphone unattended in a public place or vehicle. While out in a public area, be aware of people who may be trying to read information off your device's screen while it is in use.
Report any suspicious activity and lost or stolen devices immediately
Where there is smoke, there is usually fire. By catching risks, vulnerabilities, and signs of an attack early, you can prevent many of the negative consequences. It is essential to train your team to recognize the signs and common causes of attacks, and to report them right away, including any lost or stolen device, so that access can be revoked before it is misused.
In short, it is essential to not only be diligent about the software vendors you choose to work with, but also the internal practices each of your team members follow to keep data secure. Limble is a company that takes data security very seriously, and we serve as a partner for all our customers in doing the same.