
10 steps to cyber security for your BeMS

By Dr Andrew Eaton
01 July 2020

Product Marketing Manager


Unless your organisation takes cybersecurity very seriously, your systems may be vulnerable to attack. Here is some advice from the National Cyber Security Centre to help to secure your BeMS from cyber-attacks.

Remote connection

Having a remote connection to your BeMS is highly advantageous. Up to 90% of issues with BeMS can be resolved remotely, and in today’s COVID-19 world, not needing an engineer to visit your site is desirable for everyone’s sake. Despite this, some organisations are nervous about the security of their systems, and IT staff are reluctant to connect the BeMS to their corporate systems.

Connection Options

However, linking to the corporate network is not the only way to achieve a remote connection. A separate, secure connection can be set up using a VPN or a cellular 4G wireless router. This solution has security advantages in that fewer people have access to this standalone network compared to the corporate system, although it does require additional IT support to keep it secure. SSE can help to provide IT support for your BeMS network.

Here are 10 actions that we recommend, based on advice from the National Cyber Security Centre.

1. Set up a risk management regime

  • Assess the risks to your organisation’s information and systems with the same vigour that you would for legal, regulatory, financial, or operational risks
  • To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers

2. Basic network security

  • Protect your networks from attack
  • Defend the network perimeter
  • Filter out unauthorised access and malicious content
  • Monitor and test security controls

3. Malware prevention

  • Develop and implement relevant policies
  • Install anti-malware defences across your organisation

4. Control removable media

Even if your BeMS is not connected to the internet, it may still be at risk if security systems are not in place, for example from malware carried on CDs or memory sticks that staff use.

  • Produce a policy to control all access to removable media
  • Limit media types and use
  • Scan all media for malware before importing onto the corporate system

5. Secure configuration

Many BeMS use out-of-date and unsupported operating systems, such as Windows 7. These will not receive updates and security patches to protect against newly discovered threats.

  • Always upgrade to the latest operating system (see our blog: 10 reasons to upgrade from Windows 7)
  • Apply all security patches
  • Ensure that the secure configuration of all systems is maintained
  • Create a system inventory and define a baseline build for all devices

6. Manage user privileges

  • Establish effective management processes
  • Limit the number of privileged accounts
  • Limit user privileges and monitor user activity
  • Control access to activity and audit logs

7. Home & mobile working

  • Develop a mobile working policy and train staff to adhere to it
  • Apply the secure baseline and build it into all devices
  • Protect data both in transit and at rest

8. Monitoring

  • Establish a monitoring strategy and produce supporting policies
  • Continuously monitor all systems and networks
  • Analyse logs for unusual activity that could indicate an attack

9. User education and awareness

  • Produce user security policies covering acceptable and secure use of your systems
  • Include these policies in staff training
  • Maintain awareness of cyber risks

10. Incident management

  • Establish an incident response and disaster recovery capability
  • Test your incident management plans
  • Provide specialist training
  • Report criminal incidents to law enforcement

To make use of all the advantages that a remote connection brings, to upgrade your BeMS to Windows 10, or to get help maintaining the integrity and security of your BeMS network, call us on 0345 072 9529, or email us at info@sseenergyoptimisation.co.uk