Positive vs Negative Pressure Rooms

Many industries use pressurised rooms to stop cross-contamination between one area of a building and another. For example, semiconductor makers use positive pressure rooms (PPR) to ensure their integrated chips are free of contaminants in the air. Hospitals and clinics employ negative pressure rooms (NPR) to contain the spread of infectious diseases. The difference between positive vs negative pressure rooms is mostly one of pressure differential and air flow. Both approaches use air pressure differentials to control ventilation and contamination. 

Pressure Differential

Anyone who’s ever let go of an un-knotted balloon has witnessed the propensity of air to move from a higher pressure area to a lower one. The bigger the pressure differential, the faster the balloon will fly around the room. Building managers use HVAC equipment, fans and ventilation systems to control this natural propensity of air to escape—to keep the “balloon” knotted as it were. 

The natural movement of air without the aid of mechanical equipment like a fan is called “passive” air flow, and techs use passive air flow to keep debris and contaminants from entering or exiting a room. If done correctly, the result is a stable environment with lower or higher air pressure than the surrounding area. 

graphic showing negative pressure room

What’s a Negative Pressure Room?  

To create an NPR, HVAC professionals must move air out at a faster rate than it comes in. That is, a negative quantity of air is maintained. The purpose is to control the direction of passive airflow. When someone opens the door of an NPR, negative pressure draws passive air inside, forming a barrier against the escape of pathogens or dust. Interior air then moves through a filtration system to remove contaminants before safely exiting the pressurised environment.

graphic showing positive pressure room

What’s a Positive Pressure Room?

Positive pressure rooms maintain a higher air pressure inside than the surrounding environment. Air escapes the room without letting in outside contaminated air. PPRs exist within surgical theatres and in vitro clinics where contamination is possible. PPR hospital rooms often house immunocompromised patients susceptible to infection or disease. Because PPRs form barriers to outside spaces, their HVAC systems must filter out any contaminants from the interior air while ensuring optimal pressure and safe air quality.

Air Tightness

Pressure room designers try to keep rooms as air tight as possible, but some leakage occurs through gaps in doors, windows and electrical outlets. Designers often outfit NPRs with ante rooms to minimise leakage. These entryways are also safe areas for removing PPE or as a failsafe against pressure loss. Airtightness is also a cost issue. The more leakage, the more energy required to maintain a room’s negative or positive pressure.

Air Comfort

Like any conditioned environment, pressurised rooms must also maintain humidity and air temperature to ensure comfort and safety. Air quality is particularly important for medical facilities, since suboptimal humidity levels can contribute to illness. To aid air quality, HVAC technicians design HVAC systems to include specific numbers of air changes per hour (ACH) based on the size of the room. ACH is a measure of how often air within a space is replaced every hour and is essential to combating contaminated, stale and unhealthy air. 

Testing and Monitoring

Smoke tests are a common way to test the effectiveness of a pressurised room. They’re cheap and easy to administer, but aren’t continuous or highly accurate. During a smoke test, technicians create puffs of smoke next to known intakes like registers or under doorways. If the smoke flows inside or outside, then a pressure differential exists. The smoke just needs to move in the right direction. Electronic pressure monitors offer continuous, accurate monitoring, but they’re expensive to purchase and install. Still, accurate testing and consistent monitoring are the best way to maintain the effectiveness of a pressurised room. Inadequate or infrequent testing puts patients and others at risk.

Conclusion

The COVID-19 pandemic has extended the use of pressurised rooms to combat the disease. The idea has extended beyond the hospital room to include waiting rooms, triage, bathrooms and other areas that could contain contaminants or susceptible people. 

While pressurised rooms are helpful for health care workers, patients and staff, they also present challenges to HVAC techs and facility managers. Expanding the number and size of pressurised areas in any building means paying more attention to resulting issues like high humidity levels, sticky entryways, mold growth, and increased energy costs. These are new challenges FMs and engineers will need to address as the built environment evolves to meet social change.    

Communication and the Art of Influence

In every act of communication, we strive to influence others. Even when our communication is simply to inform, we seek to align someone else’s view of reality to ours. While we can influence others’ behaviors, the higher aim is often to change their minds as well. However, it’s this sense of “mind control” that burdens the term with negative connotations today. 

It’s often thought that to influence someone is to hold a hypnotic power over them, usually for nefarious reasons or personal gain. Someone or something is a “bad influence.” We often ascribe the act to politicians, cult leaders, or Rock-and-Roll lyrics. Social media “influencers” are opportunistic marketers. Irresponsible folks drive “under the influence.” You get the idea. 

Even though the term has gotten a bad rap recently, the premise of influencing as a part of communication isn’t nefarious at all; in fact, it’s a basic component (and outcome) of any effective communication. And savvy communicators understand how to use influencing strategies to get their message across more effectively. Here are some tips on how to communicate better by influencing your audience. 

Soft Landings Approach

Influence requires an understanding that most people fear and resist change. Even when your audience knows change will be beneficial, some pushback is inevitable. At these points, communication can become strained or break down. When possible, you can influence a successful outcome by easing folks into change rather than “ripping off the bandaid.”

“I do a lot of organisation transition and change management,” says Phoenix Lavin, a veteran FM who’s worked in the industry since 2003. “Sometimes that change is painful, and there’s a bit of grief and disruption.” Lavin suggests meeting resistance to change by taking elements of a “soft landings” approach:

“A soft landings approach incorporates taking the time to introduce people to change. Rather than leaving people feeling like change is being forced on them.”

People fear change primarily because they feel a lack of control. In these moments, fear tends to consume our focus, making it tough to communicate. Engage in active listening and let your clients vent their frustrations. Allowing your audience to express their anxiety lets you identify and focus on the source(s) of that anxiety. You may not think their “problems” are a priority, but by refocusing and being empathetic, you make your audience more receptive to your own ideas.

Also, invite your audience to contribute to the project. It will give them a sense of control. “It’s about how they can see themselves in this new building/facilities,” Lavin explains, “and how they feel engaged and part of the build and operation process.”

By engaging your audience in the problem-solving process, you also give them stock in the solution, and they come away from the conversation confident they’ve contributed. You will know your soft landing was successful if your audience comes away not knowing they’ve even “landed.”

“I’ve got to gently move you around here so you barely realise you’re going around the corner,” Lavin explains. “Then voila! All of a sudden now it’s your idea not mine. That’s the influencing component of good communication.”

Avoid Language that Creates Hierarchies

As is often said of words: they matter. The wrong words can alienate your audience by putting others at a lower level and/or yourself within a higher one. We often interpret these linguistic positions on an unconscious level, but they impact our audience’s reaction nevertheless. To level the field, choose language that communicates equality. Lavin provides a relevant example for facilities management: 

“In our industry, we are often shackled with the term ‘service’ (which is linked to the term ‘servitude’). What we hear in that word is: You are here to do something for me, and, therefore, I am greater than you. When we look at communication, we’ve got to understand our audience and adjust our language so we’re not in a position of servitude, but in a position of competency and credibility.”

Instead of “customer,” Lavin suggests using terms like “stakeholder” or “end-users” to refer to the people benefiting from your input and expertise. This is especially important in relation to in-house management.

Another loaded term to avoid is “discussion.” Within it, Lavin says, lurks aggression and an imbalance of power. “It’s a one-way exercise,” she says. “It says I’m pounding something into you. I’m going to say what I have to. Instead, I tell people to use open terms like ‘dialogue’ or ‘conversation’ or ‘chat’.” 

Some words and phrases may create or reflect frustration as well. As tensions rise in our conversations, our language often becomes more formal sounding or even legalistic. Try to maintain the same level of formality and tone as when you began the conversation; otherwise, your audience will immediately detect such changes, become defensive and make your influence less effective. “These are subtleties,” states Lavin, “but they’re how you change the dynamic of a conversation for the better or worse.”

Include Yourself in the Conversation

In the spirit of equality, speakers and writers should also include themselves in their arguments and narratives. Say “we” rather than “you.” Self-inclusive language helps eliminate hierarchies and signals that you have a stake in the outcome too, that you’re acting in good faith. It also forces you to empathise. If your message is “we’re all in this together” then the implication is that everyone must appreciate one another’s perspective. 

“Anyone who is an effective communicator puts themselves into the narrative,” explains Lavin, “not in an arrogant way, but in an understanding, empathetic way. We can take a lesson from Te Reo Māori. In Te Reo Māori, we could start a meeting by saying tēnā koutou which is Greetings to everybody in the room (3 or more) or we can say tēnā koutou katoa which is greetings to everybody, and I’m including myself in the statements going forward.”

Inclusive language is also a prime launching point for bolstering your own credibility and experience. Politicians often use unifying language to great effect. Most never pass up a chance to point out their “working class roots” or “humble beginnings” to connect with their constituents. There’s a simple reason for the ubiquity of this approach: it works. If you’re sincere about your connection, your audience will (and should) respond positively. 

“If you’re part of the organisation,” Lavin explains, “then communicate that these decisions are affecting you too. Let’s say you’re at the top table for an expensive capital replacement, and the stakeholders say, The business can’t sustain this. Your response should be: We understand the hesitancy, and we understand the drivers of the business. As a part of the workforce, I understand this. That type of language creates an unconscious connection. So, suddenly you’re not just a person saying I want something from you. You’re saying We need to do this together.”

Got an Expert? Bring them Along

Credibility is such a key part of influencing that it’s foolish to omit someone with expertise in the arguments and ideas you’re presenting. Too often, we feel overly confident or too prideful to admit our ignorance of a topic, opting instead to “fake it ‘til we make it.” It’s a dangerous gamble that can tank your influence if you’re outed by a technical question. Lavin advises that if you think your credibility may be questioned, you bring someone else into the room:

“We always think we have to do difficult conversations on our own, but we don’t. There’s nothing wrong with saying, ‘Oh, I’ve brought Ms. X along with me today because she’s currently working with X systems and she’s got a better overview and understanding of this.’”

The need for expertise requires FMs to build and maintain professional relationships. Find people who can provide you with answers and guidance when you’re stuck. “I still need to bounce things off people,” Lavin admits. “I’ll ring people and say, I’ve got to bounce this off you. This is where I’m going, and I can see it’s not going to work but I can’t quite see my way out of it. When you’ve got a great network of people who have skillsets different from yourself, you can do that.”

Conclusion

At its most complex level, the art of influencing is about abiding by simple courtesies of communications. It doesn’t take an advanced degree in communications or being a master orator to be empathetic, inclusive and thoughtful about the words you use. There’s no “political correctness” to abide by. For most managers, these “strategies” are basic mores of professional conversation. Often the real art of influencing is not in the execution of these simple courtesies, but in the remembering to do so.

The FM Checklist for SaaS Procurement

Software-as-a-service (SaaS) is a growing trend in FM because of several advantages cloud-based services deliver over in-house development. For one, it’s generally cheaper to outsource your software needs rather than spend time and money developing a bespoke solution. Ramp-up time is much faster too. The general wisdom is that FMs get a better product by letting the market do the heavy R&D lifting. Data accessibility and security are generally equivalent or comparable to in-house IT, provided you do your homework. To that end, here are some key SaaS components to consider during the procurement process. Download this SaaS procurement checklist for quick reference.

Mobile Access

Remote and hybrid work schedules are on the rise. Your team and your clients need the flexibility of mobile access to stay competitive. Look for a cloud-based software with admin/client access to most features, dashboards and data via mobile device and web browser. 

Customer Support

Customer support is essential to seamless integration and service continuity, so invest some time here. Take advantage of free demos and trial periods to kick the tires on a vendor’s customer service. Submit a work order and note things like response times, professionalism, expertise and problem solving. 

Pro Tip: If possible, omit your company affiliation when creating a demo account. Companies often give a potential enterprise account better service than a single user.

Training Resources

Training resources ensure a smooth integration, and any SaaS vendor worth their salt will offer a healthy library of video tutorials, how-to guides, in-office training and online resources for you and your staff. Have your staff sample a few offerings and rate them for accessibility, clarity and ease-of-use. 

Data Security

Given the rise in ransomware attacks, data security is a priority, and most SaaS platforms collect some data on you and your users. Data storage, collection and encryption are security and compliance issues, so ask about these practices. If a vendor isn’t forthcoming, it may be a red flag. Look for security standards and certifications for cloud-based software. These credentials might include Cloud Industry Forum certification or compliance with international standards for cloud-based security such as ISO-27001.

Data Ownership

Who owns your data is also a key consideration, especially when and if you ever switch to another vendor. So, ask about the data transfer process to other platforms. How complicated is retrieval?  Can you simply download a spreadsheet or does the vendor collect it for you? The vendor may claim rights to your data beyond the contract end date. Does this violate your own privacy policies? Ensure these data ownership topics are clearly spelled out in your SLA. 

Integration

Software platforms need to easily integrate with your connected systems, like your BMS, CRM or billing software. Check the vendor’s list of supported brands and models. But even if your systems are supported, the integration process may take more time than you want. Ask for a time frame for getting up-and-running with the platform before making your final procurement decision.  

Pricing Model

SaaS companies often use their pricing schemes to “hide” add-ons and upsells for new features after purchase. Read their pricing page carefully. Even if the annual plan is cheaper, it may contain stipulations like extra costs for adding accounts or transactions. Month-to-month plans will have limited features, so check the pricing comparison list to see which ones you’ll be missing out on with a basic plan.

Pro Tip: If a platform offers “custom” pricing for enterprise accounts, take the opportunity to negotiate a lower price based on your evaluation of the product. For example, the lack of adequate training resources might justify a lower annual price.

Customer Reviews

For real-world usability, go to the source: customers. Review sites like Capterra and G2 Crowd offer descriptions and consumer ratings of all types of products. Sites like these also let you make an apples-to-apples comparison of SaaS platforms, their features and prices. 

Usability

Ill-designed SaaS platforms erode their effectiveness, so evaluate these key usability components:

User Interface 

  • Pages, buttons and menus are organised in a logical way
  • There is a consistent look (i.e., colors and textures) from area to area.
  • The font is easy to read 

Navigation

  • It’s easy to locate information
  • There’s a smooth flow when performing steps in a task
  • You can perform the same task from multiple places

Responsiveness

  • The website loads quickly
  • The interface works well on mobile devices and small screens

Also keep in mind that an ineffective interface is harder to learn, which can lengthen the training process and cost you time and money.

Growth

Finally, during your SaaS procurement, decide whether your chosen SaaS will grow with your business. Does the company have a track record of innovation and growth? How easy is it to add new accounts for future employees? Is there a limit on the number of users? Does the company have plans for expanding features? Answering these questions and others like them will give you a better idea of whether a specific SaaS will meet your future needs.

6 Skills FMs Will Need Beyond 2021

Facilities managers must master many skills to be effective: communication, multi-tasking, technical knowledge, and resilience, to name a few. But in a market disrupted by pandemics, climate change, tech innovations and new regulations, knowing how to prepare for the future can be a challenge. To narrow things down, we asked FM experts in both education and the private sector to give us their perspectives on what skills FMs should be shoring up now for the future. What we found was not just a focus on new tech, but a good mixture of hard and soft skills, with the latter leaning heavily on communication.

1. Innovation Awareness

Tech tools for FMs are growing steadily, with an expanding list of digital solutions for BMS, CAFM, CMMS and energy management. The 2018 Global FM Market Report reports cloud-based services and anything-as-a-Service (XaaS) models will be two major trends moving into 2025. In short, the complete digitalisation of building management is fast approaching.  

While digitalisation and automation produce more accurate building data and save time, such a dynamic tech landscape requires FMs to stay savvy about new tech. Dr. Eziaku Onyeizu Rasheed, a Senior Lecturer at Massey University, explains:

“Since the start of the Facilities Management profession, the FM’s role has evolved from the technical maintenance of building systems to more proactive, digitalisation of building management. So, FMs need to upskill to be conversant with the associated technological innovations.”

The struggle to keep up is putting pressure on already over-extended FMs. However, resources like online courses, industry blogs, workshops, conferences and FM organisations help fill knowledge gaps with the least time investment.    

2. Perspective-Taking

In psychology, perspective-taking is the ability to perceive a situation or understand a concept from another person’s point of view. It’s a key personality trait for FMs who must manage many stakeholders and consider different perspectives. And with the pandemic and changing workspaces disrupting normal routines, FMs must adapt quickly. Adopting another’s perspective can facilitate that change quicker and easier.  

“You need the ability to adapt your ideas with those of others,” Rasheed explains, “and to be aware that there are different views of particular issues and topics.” Her point is well taken: consensus and compromise first demands an accurate understanding of another’s stake in the situation. 

Phoenix Lavin, a Design and Construction Interface Manager at Programmed, agrees. Lavin is a veteran FM who’s honed her skills of perspective-taking. She suggests the first step is tackling one’s own unconscious bias: 

“We all bring a perspective to the table that’s informed by our ethnicity, race, socio-economic status and education level. These biases often ‘blind’ us to how others see issues,” she explains.

So how do you overcome unconscious biases? You don’t completely. It’s something to be managed rather than “cured.” However, for Lavin part of the answer is creating meaningful connections with others. Connections force us to see others as individuals rather than obstacles. “We can’t always know what’s happening with our audiences’ viewpoints,” she explains. “We can’t know how they got there, or how they take in information. But what we can do is create connections, and from that understanding.” 

3. Building Systems Basics

Modern building management systems now automate much of the reporting, scheduling and monitoring for FMs. But today’s property managers still need a basic understanding of hard building systems for proper asset management. 

Gas, plumbing, HVAC, electrical, and fire safety are each complex systems in their own right, but today’s smart building technology is integrating each into a larger, connected whole. FMs must manage the complexity of these connections, which begins with a good foundation in technical knowledge.  

Technical knowledge has even more value today, given the break-neck pace of technological and environmental changes. Rasheed highlights the importance of technical skills. “While their role has expanded to include the importance of soft skills,” she states, “today’s FMs still require technical knowledge to successfully navigate the complexities of the profession, especially in emergency situations.” A foundation in technical knowledge is an effective stopgap against the uncertainties of global warming, cybersecurity threats, pandemics and an evolving workplace.

4. Communicating to Influence

All facilities managers need a deep understanding of communication. They tackle everything from delivering bad news on a CAPEX project to breaking down a technical topic for end-users. “What makes a good FM,” says Lavin, “is the ability to take information, process it, and then deliver it in a way that’s understood by your audience.” 

It’s a straightforward notion, but Lavin explains there’s a deeper complexity to effective communication than simply sending and receiving messages:

“Effective communicators also seek to influence,” she says. “They ask: What is it I want my communication to do? Where am I driving people? I do a lot of organisation transition and change management. Sometimes that change is painful. I have to move an organisation away from the trainwreck they’re heading towards, and there’s a bit of grief and disruption.” 

Lavin’s “soft landing” approach helps build inclusion and influence. “Soft landings are when we take the time to introduce people to change,” she explains. “And rather than leaving people feeling like change is being forced on them, it’s about how they can see themselves in this new building/facilities and how they feel engaged and part of the build and operation process. 

“I’ve got to gently move you around here so you barely realise you’re going around the corner, and then voila! All of a sudden now it’s your idea not mine. That’s the influencing component of good communication.”

5. Communicating to Build Credibility

Lavin adds that good communicators also work hard to establish their credibility, which takes more than just demonstrating your expertise on a subject. Sometimes it requires changing someone’s perspective of a situation or showing their non-expertise. 

“It’s hard to create credibility in a job that people feel they can do themselves. With soft services, for example, everyone thinks they can do it. No one thinks there’s any technical know-how or planning in these things. It’s a bit like painting your house. Everyone feels they can paint their own house because they see people do it on TV…that is, until they go to do it.”

Lavin suggests overcoming these types of biases by reframing the situation. “You may come up against someone who says: ‘I just don’t believe it takes two hours to vacuum a room.’ So, I ask them, ‘How did you get to this idea?’ and they say, ‘I compared it to vacuuming my own house.’ I ask, ‘How often do you vacuum your house?’ and they say, ‘Once a week.’ I say, ‘Well, how about I get the cleaners on your floor just to vacuum once a week for the next month. We’ll still pay them the same. Then you tell me how your physical environment feels to work in after a month.’ So far, no one’s taken me up on the offer.”

6. Adaptability

If FMs had a master soft skill, it would be adaptability. Like the buildings we manage, we like to think of our processes, habits and personalities as strong, immovable, structures that produce predictable outcomes. And while the work of facilities management has always required a certain level of nuance and flexibility, those personal qualities are in higher demand today. Pandemics, building tech, governmental regulations, flexible workstations and artificial intelligence are disrupting the management of built environments. 

What’s more, the rate of change is faster than the production of new FMs, so continual education and adaptability are certainties for anyone looking to make a long-term career in facilities management. “Our ideas and practices cannot always be repeated,” Rasheed explains, “but we should adapt them to the prevailing nature of events. FM practice must adapt to accommodate these changes and remain relevant to organisations.”

Ransomware: Protecting Your Facilities

Ransomware attacks are now a global threat. Between 2019 and 2020, attacks rose by 62% worldwide according to the 2020 Internet Crime Report. Attacks like the one on Colonial Pipeline in May 2021 are high-profile cases that garner media attention, but SMBs and facilities of every size are now targets of cyber thieves.

Hospitals and medical facilities are favored targets because they house sensitive medical records. Facilities like these are in no position to bargain with cyberthieves, and they end up paying hefty ransoms to recover sensitive information. And the financial fallout from ransomware attacks is significant, with security experts estimating global ransomware losses to hit $20 billion in 2021, which is 57 times the cost just five years ago. 

There’s a lesson to be learned for facilities managers: letting your properties become vulnerable to a ransomware attack is costly. Instead of paying cyberthieves, invest resources into mitigating your risks: shoring up your IT services, educating staff and creating response plans. 

What is Ransomware?

Ransomware is a type of malware that enters your computer system and/or network and encrypts your data. Users lose access to files, applications and/or their databases. To decrypt the data, cyberthieves demand a ransom, and if the ransom isn’t paid, the data is destroyed. 

Ransomware finds its way into most systems through direct attacks on software weaknesses or by exploiting human error through phishing emails. Once it infects your system, ransomware is programmed to spread to connected devices, encrypting more documents, spreadsheets and photos as it grows.

Train Staff on Cybersecurity Best Practices

Cyberthieves exploit human weakness to gain access to your data. It only takes one staff member clicking on the wrong email link to put your building data and tenant info at risk. That’s why beefing up your team’s cybersecurity skills is a top priority. Cybersecurity habits like these help you avoid many types of computer viruses and malware.

Updating Operating Systems

Operating system (OS) updates include the latest virus signatures and definitions. Older versions don’t, which makes them more vulnerable to cyber attack. Have your team set up auto updates for their Windows and Mac OS and installed programs. That way, forgetting isn’t an issue. 

Identifying Phishing Emails

Email is a common entry point or “attack vector” for cyber criminals to deploy malware, and humans are notoriously susceptible to their exploits. Train your staff how to identify a phishing email to keep your network free of ransomware.  

Creating Strong Passwords

Weak passwords let cyberthieves walk right into your facility network. Unfortunately, too many employees opt for weak, yet popular, passwords like “123456” because they’re easy to remember. Teach your team the simple steps of creating a strong password or consider investing in a password manager, which automates the process of creating and remembering strong passwords. 

Turn on Two-Factor Authentication

Remind your team to implement two-factor authentication when possible. Turning this feature on adds an extra layer of security by requiring users to identify themselves with a mobile device or an authentication app. Each user typically authenticates their sign-in through a PIN or a biometric scan like a fingerprint.

Backup Your Data   

Since ransomware targets your data, backing it up can help mitigate losses from encryption. Still, data backup has its limitations: it can’t protect you the way anti-malware software can, but it does offer the insurance of data replication. In other words, it’s an after-the-fact solution rather than real-time protection.

Data Assessment

The first step in building effective backup is making sure you are backing up ALL your data. Some FMs may manage multiple facilities, each having separate databases and devices. Do you know where your critical info is stored? What about your team members? Are those with assigned devices backing up their data correctly? Critical data can easily be overlooked, which is why experts suggest conducting a data audit.

3-2-1 Rule

Data storage experts often advise businesses to follow the 3-2-1 Rule:

  • Make 3 copies of your facility data (a production copy and two backups).
  • Store your copies on 2 different media types (e.g., USB Drive, CDs, magnetic tape). 
  • Keep 1 copy offsite from your facility.

Ransomware moves throughout your system, and any connected devices are susceptible. The intention of the offsite rule is to “air gap” your data, removing it from the network completely. Cloud storage is considered “offsite” but is also susceptible to the same attack if backups are updated too quickly. In other words, your cloud storage could begin backing up already encrypted data before you become aware of the attack. This is a risk for most backup systems, which is why physically disconnected storage is essential.
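The 3-2-1 Rule and the air-gap point above can be turned into a repeatable check during a data audit. The following is an added example, not part of the original article; the inventory format, dataset names and finding codes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    media: str                # "disk", "usb", "tape", "cloud", ...
    offsite: bool             # kept away from the facility
    connected: bool           # reachable from the production network
    production: bool = False  # the live copy staff work on

def audit_321(copies):
    """Return the 3-2-1 checks a dataset fails (empty list = pass)."""
    backups = [c for c in copies if not c.production]
    findings = []
    if len(copies) < 3 or len(backups) < 2:
        findings.append("COPIES")    # need production + two backups
    if len({c.media for c in copies}) < 2:
        findings.append("MEDIA")     # need two different media types
    if not any(c.offsite for c in backups):
        findings.append("OFFSITE")   # need one backup away from the facility
    if not any(not c.connected for c in backups):
        findings.append("AIRGAP")    # every backup is reachable by ransomware
    return findings

# Constructed inventory (dataset names are hypothetical).
INVENTORY = {
    "tenant-records": [
        Copy("disk", offsite=False, connected=True, production=True),
        Copy("disk", offsite=False, connected=True),    # NAS in the same building
        Copy("cloud", offsite=True, connected=True),    # continuous cloud sync
    ],
    "hvac-config": [
        Copy("disk", offsite=False, connected=True, production=True),
        Copy("usb", offsite=False, connected=True),     # drive left plugged in
    ],
    "lease-docs": [
        Copy("disk", offsite=False, connected=True, production=True),
        Copy("disk", offsite=False, connected=True),
        Copy("tape", offsite=True, connected=False),    # rotated to offsite storage
    ],
}

def audit_inventory(inventory):
    return {name: audit_321(copies) for name, copies in inventory.items()}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {'PASS' if not findings else ', '.join(findings)}")
```

Note that "tenant-records" satisfies the letter of 3-2-1 yet still fails the air-gap check, because its only offsite copy is a continuously connected cloud sync.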

Get Ransomware Detection Software

Cloud-based companies like Microsoft build ransomware detection into their online storage platforms (i.e., OneDrive), but if you’re not using cloud-based storage, this doesn’t help. For an added layer of protection against malware, invest in cybersecurity software that meets your needs and budget. Most major cybersecurity software brands include ransomware protection and decryption tools within their plans. While anti-malware software isn’t a replacement for good cybersecurity habits and data backups, it does add redundancy to your system.

Include Ransomware in Your IRP

Ransomware attacks are high-pressure situations. Time is critical, and decisions have to be made on the fly. So preparation is key. Ensure your incident response plan (IRP) includes ransomware mitigation strategies. There are several basic steps most experts agree businesses should take when attacked by ransomware:

  1. Don’t pay the ransom. Experts say paying only puts you at risk of being targeted again. Plus, acquiescing only makes the problem worse for everyone else by financially incentivising the criminals. 
  2. Disconnect devices. Your first move is to stop the malware infection. Disconnect your devices from your network and the internet. Unplug ethernet cables. Remove storage devices like thumb drives. Disable wireless connection (wifi) on your mobile devices.  
  3. Get evidence. Take photos (with an uninfected phone) of the ransom notes and any correspondence with the thieves. 
  4. Run a malware scan. Use the Task Manager on your Windows 10 devices to run a scan for ransomware. Shut down any Apple devices.
  5. Reset passwords. Change your passwords for your admin accounts.
  6. Get help. Solicit professional IT services for advice or help. You will likely need their services to ensure your network and devices are free of malware before reconnecting.
  7. Report the incident. Government cybersecurity agencies like CERT (NZ) can help you navigate the incident, record the attack and notify other businesses of the threat. Other reporting agencies include IC3 (US) and ActionFraud (UK).

At some point, you may want (or be legally required) to notify your tenants of the data breach. If there is a potential for the malware to spread to your tenants’ networks, early notification will help their office managers execute their own IRPs. If cross-contamination is a low risk, you might move notification to a lower priority. Consult legal experts around your specific reporting requirements and adjust your IRP accordingly.

For more information and steps to include in your ransomware IRP, visit the National Cyber Security Center (UK) and the Australian Cyber Security Center.  

Conclusion

When protecting your facilities from malware attack, think in terms of “layers” of protection. You and your team members are the first layer of defense. Your virus software is another. The more stopgaps you have, the better your chances of avoiding infection. It’s better to invest a little time and money up front than to deal with the fallout from a successful hack. And remember, when it comes to ransomware, you’re not an island. Successful criminals go on to rip off other businesses, so your action or inaction directly affects the profitability of others.