If you have commercial tenants, they’ve likely scheduled heating or air conditioning outside of your building’s usual business hours. Managers and owners commonly refer to these extra hours as overtime HVAC, after-hours HVAC, after-hours air conditioning or some variation. These overtime utility services give companies the flexibility to host special events, hold annual meetings, or simply extend their workday hours.
Tenant overtime HVAC systems are online platforms that automate the scheduling and billing of those after-hours HVAC requests. These systems streamline many of the traditional steps of a tenant overtime program, including scheduling and billing. Consequently, they save property managers and their staff time and resources. In addition, overtime HVAC systems can increase tenant satisfaction and conserve energy. Modern systems operate on a software-as-a-service (SaaS) model where property managers pay a monthly subscription for the service, but one-time fees are also available.
After-Hours vs Standard Occupancy Times
Standard business hours or “occupancy times” for buildings vary by region, but most fall somewhere between 8 a.m. and 6 p.m. Monday to Friday. Owners and managers define their business hours within commercial leases and agree to provide heating, cooling and lighting for tenants to operate their businesses. However, many leases also allow for “after-hours” or “overtime” HVAC requests. These are defined as any times outside normal business hours, and they’re usually billed separately from normal OPEX.
To recoup the costs of providing after-hours HVAC services, managers and owners usually charge tenants a fixed hourly rate (e.g., $35/hour). The rate usually includes an estimated energy cost for providing service for one hour, plus an admin fee to cover staff time.
Overtime HVAC Scheduling
Because after-hours HVAC requests are outside standard operating hours, tenants must schedule them with the manager or building engineer. Typical steps in a standard overtime program usually involve the following:
The tenant makes an overtime HVAC request via email or text.
The manager records the request in a spreadsheet and notifies the building engineer.
The engineer programs the request into the building’s BMS.
The manager invoices the tenant at the end of the month for the overtime charges.
Managing this process requires time and resources, which is why most leases require a 24- or 48-hour notice per request. The window gives staff enough time to schedule the request, but places limits on how spontaneous tenants can be with last-minute schedules.
Tenant overtime HVAC systems eliminate or simplify many of the above steps. Instead of an email or phone call, tenants use an online portal and web browser to submit overtime requests. Since overtime systems link to your building’s BMS, they bypass the need for manual reporting and system programming—no managers or engineers needed. This keeps notice times shorter, and tenants benefit from the increased flexibility.
Overtime HVAC systems also come with mobile apps. Tenants use these programs to schedule after-hours services from their smartphones or tablets. The freedom of mobile scheduling tends to increase overall tenant satisfaction with a property’s after-hours program.
Overtime HVAC Billing
Billing for standard hour energy is straightforward. Tenants pay pro rata based on the building’s total utility costs for the month. The strategy essentially splits the energy costs among all tenants equally, and everyone pays their share at the end of the month. However, overtime HVAC charges add complexity to monthly billing. It would be unfair to split overtime energy costs among all tenants, since only specific ones use it, so landlords invoice tenants only for the kWh they use.
However, individual invoicing takes more time. Spreadsheets need to be updated, invoices generated and emails sent to tenants. Plus, manual entry increases the risk of mistakes, leaving tenants paying too much or too little. Tenant overtime HVAC systems automate most of these monthly billing tasks, eliminating human error and tenant disputes around charges.
Overtime systems record BMS operation histories on their servers. So, times, days, and durations of overtime services are automatically generated for any timeframe. Most platforms also automate monthly billing to tenants. Since the system tracks individual usage, it can email automated invoices to tenants, taking the paperwork off property managers.
Energy Conservation
On average, 30% of the energy used in commercial buildings is wasted. After-hour scheduling changes and cancellations happen. It’s not uncommon for tenants to walk into unheated boardrooms or for entire building floors to sit unoccupied while chillers run at full power. Such scheduling mistakes waste energy and money. The bulk of these issues stem from recording mistakes and human error. A work order was overlooked, an email went to spam. Someone was out sick. These are common, often unavoidable, situations.
Because they’re automated systems, tenant overtime platforms eliminate human error. Schedule changes and cancellations are caught more frequently, and wasted energy is reduced.
Overtime HVAC systems can also positively affect tenant attitudes toward energy waste. Because tenants pay for the overtime kilowatts they use, they’re more cautious about waste. In contrast, attitudes towards energy use during standard business hours can be markedly different. Those tenants often have a “use it or lose it” approach, feeling they should condition the air in their spaces, whether they’re empty or occupied. The attitude is “We’re paying for it anyway.”
Tenant Satisfaction
Aside from time and money savings, the biggest selling point of overtime HVAC systems is their value to tenant businesses. With HVAC scheduling, office managers can operate hybrid workspaces more effectively. Government agencies can use after-hours reports to report on sustainability goals. Software developers could employ overtime usage to evaluate team productivity. Marketing agencies could add overtime energy costs as a billable line item for clients. The value of tenant overtime HVAC systems is yet to be fully realized, but the heart of it lies in their ability to empower tenants to run better businesses and organisations.
The COVID pandemic increased awareness and use of relatively new decontamination methods for medical facilities. In addition to standard surface cleaning and disinfection, hospital managers employ vaporized hydrogen peroxide (VHP) systems within negative pressure rooms to eliminate SARS-CoV-2. Sometimes referred to as “Deprox,” these systems distribute a mixture of hydrogen peroxide and water within a room. The mixture is small enough to decontaminate areas that are too difficult or impossible to clean by hand.
However, VHPs must work in conjunction with HVAC systems to be safe and effective, and most functional descriptions put strict limits on an HVAC’s operation during decontamination. Use the following information to guide your design when connecting to VHPs.
HP Vapor vs Aerosol Systems
There are two methods for dispersing hydrogen peroxide (H2O2) for airborne disinfection. One is vapor phase hydrogen peroxide (VPHP) and the other is aerosolised hydrogen peroxide (aHP). The main difference is the size and concentration of the hydrogen peroxide as it leaves the system. VPHP systems produce much smaller particles, and at a higher concentration, than aHPs. They are much closer to a gas than aHPs, which are more of a “fog” ranging from 5 to 20 μm in size.
Exposure Limits
Both VPHPs and aHPs require some downtime for operation and for room exposure levels to return to normal. Decontamination cycles may take up to three hours to complete. Exposure to hydrogen peroxide vapor can be harmful, resulting in irritation to the eyes, nose and throat. The OSHA standard for permissible exposure limits to H2O2 is 1 part per million parts of air (ppm) averaged over an eight-hour work shift.
Functional Descriptions
Include these sections when writing an FD that includes VPHP or aHP for negative/positive pressure rooms.
Room Modes—Room modes include isolation, deprox and standby. During the deprox process, the HVAC system should be turned off and dampers closed to ensure the VHP system works effectively.
Closing Dampers—When switching from standby or isolation to deprox mode, factor in a lag time to allow dampers to fully close. For example:
If the room is switched to deprox mode, the deprox LED will flash on and off for 75 seconds whilst the room dampers are driving closed. Once the 75 seconds have passed, the LED will be enabled.
Velocity Pressure Setpoint—Include a deprox pressure setpoint when setting duct velocity pressure points.
If the room is put into deprox mode, the velocity pressure setpoint is reduced to the deprox velocity pressure setpoint (To be determined at time of commissioning).
Smoke and Fire Detectors
Particles from VPHP or aHP can set off fire and smoke detectors. Consider the implications for your HVAC system. Since HVAC systems are normally integrated into fire systems to ensure proper exhaust of smoke, a false alarm may affect your system.
Touch screens are ubiquitous. We use them at the grocery store to check out, and at the airport to check in. They’re at visitor center kiosks, our banks, our homes and even in our cars. And today, because they’re the primary interface of smartphones, touch screens are literally in our faces for 4.2 hours every day. They are the “Black Mirror” that fans of the series will know as that part of the device that reflects our image back towards us.
But despite their prevalence, few know how touch screens work. It’s not because they’re a “new” technology (they’ve been around for roughly six decades). Instead, it’s likely a failure of users to fully appreciate the ingenuity that goes into solving the unique problem of connecting humans and computers through touch. To that end, here’s a quick look at the four basic types of touch screens and how they function. But first, a little touch screen 101.
How do Touch Screens Work?
All touch screens work by creating a predictable X and Y grid pattern on the surface of the screen (think back to the coordinate plane of your primary math class). As our fingers or stylus interact with the grid, we introduce a disturbance. The disturbance might be a fluctuation in electrical resistance, capacitance, heat or even acoustical wave flow. The screen’s sensors then detect these changes and use them to triangulate our finger/stylus position. Finally, the sensors translate our clicks and gestures to the CPU, which executes the appropriate command (e.g., “open the app”). Simple in theory, but complex in practice.
Screen Tech Tradeoffs
Like any technology, touch screens have several cost-benefit factors, and manufacturers tailor their products to maximise specific benefits for different consumer needs. One common tradeoff for touch screens is accuracy vs cost. Typically, the more accurate the screen, the more expensive, due to the extra components or more expensive materials used. Screen clarity is another consideration. Some screen designs provide 100% screen illumination, while others adopt layered screens, which can dampen resolution and brightness. Other common screen characteristics include:
Durability vs cost
Single vs multi-touch (i.e., two or more fingers)
Finger touch vs stylus vs both
Resistance to contaminants like water and oil
Sensitivity to electromagnetic interference (EMI) or direct sunlight
High vs low power consumption
Consumers and businesses often trade less-needed features for more desirable ones. For example, facility access screens require more durability and “touch life,” with less consideration towards clarity and multi-touch, while smartphone makers need both (and more!) to compete.
Resistive Touch Screens
The most straightforward touch screen design is the resistive touch screen (RTS). These screens employ a multi-layered design, which includes glass covered by a thin plastic film. In between these two layers is a gap with two metallic electrodes, both resistive to electricity flow. The gap is filled with a layer of air or inert gas, and the electrodes are organized in vertical and horizontal grid lines. Essentially, resistive touch screens work like an electric switch. When the user presses the screen, the two metallic layers come into contact and complete the circuit. The device then senses the exact spot of contact on the screen.
RTS are low-cost and use little power. They’re also resistant to contaminants like water and oil, since droplets can’t “press” the screen. Almost any object can interact with the screen, so even thick gloved hands are usable. However, RTS usually offer low screen clarity and less damage/scratch resistance.
Capacitive Touch Screens
One screen type you’ll find on almost every smartphone is the capacitive touch screen (CTS). These screens have three layers: a glass substrate, a transparent electrode layer and a protective layer. Their screens produce and store a constant small electrical charge or capacitance. Once the user’s finger touches the screen, it absorbs the charge and lowers the screen capacitance. Sensors located at the four corners of the screen detect the change and determine the resulting touch point.
Capacitive screens come in two types: surface and projected (P-Cap), with the latter being the common screen type for today’s smartphones and tablets. P-Cap screens also include a thin layer of glass on top of the protective film, which allows for multi-touch and thin gloved use. So, they’re popular in health care settings where users wear latex gloves.
Having fewer layers, CTS offer high screen clarity, as well as better accuracy and scratch resistance. But their electrified designs put them at risk of interference from other EMI sources. Plus, their interaction is limited to fingers and/or specialised styluses.
Surface Acoustic Wave Touch Screens
Surface Acoustic Wave (SAW) touch screens use sound waves instead of electricity. SAWs have three components: transmitting transducers, transmitting receivers, and reflectors. Together, these components produce a constant surface of acoustic waves. When a finger touches the screen, it absorbs the sound waves, which, consequently, never make it to their intended receivers. The device’s computer then uses the missing information to calculate the location of touch.
SAWs have no traditional layers, so they tend to have the best image quality and illumination of any touch screen. They have superior scratch resistance, but are susceptible to water and solid contaminants, which can trigger false “touches.”
Infrared Touch Screen
Infrared (IR) touch screens are like SAW screens in that they contain no metallic layers. However, instead of producing ultrasonic sounds, IRs use emitters and receivers to create a grid of invisible infrared light. Once a finger or other object disrupts the flow of light beams, the sensors can locate the exact touch point. Those coordinates are then sent to the CPU for processing the command.
IR screens have superior screen clarity and light transmission. Plus, they offer excellent scratch resistance and multi-touch controls. Downsides include high cost and possible interference from direct sunlight, pooled water, and built-up dust and grime.
The Niagara Framework (NF) is developed by Tridium, and if you visit the company’s website, you will learn Niagara is a “comprehensive software platform for the development and deployment of connected products and device-to-enterprise applications.” If you’re like most FMs and property owners, that description sounds pretty technical and dense, as if it were written in a different language. Ironically, the notion of miscommunication within different languages illustrates perfectly what the Niagara Framework is and, more accurately, what it attempts to solve.
Let’s try to clarify Tridium’s definition by breaking it down into parts, so that by the end of this article you should have a better idea of what Niagara does. We’ll start with a simple thought experiment, then take a deeper dive into how Niagara helps buildings and devices communicate.
Niagara: The Ultimate Travel Adapter
Imagine you’re going on an overseas vacation and need a travel adapter. While at the airport waiting to take off, you spot an adapter in a retail store window. However, it’s not just any old travel adapter, it’s the Ultimate Travel Adapter, equipped with hundreds of outlets for every country, region and plug type imaginable. What’s more, the adapter has older plug styles, so now you can charge that ancient iPod you brought along. Imagine you bought such a product. What could it do for you?
For one, it would give you the flexibility to buy and use any device you wanted. It would free you from having to use one brand. It would eliminate compatibility issues. Plus, it would let you plug all your devices into one place, simplifying the management of all your electronics.
Next, imagine your adapter has controls for managing each device. It also comes equipped with a dashboard that shows power consumption, current status, and security alarms. Even better, you’re able to access all of this valuable information online. With such a digital tool, you could save energy by unplugging unneeded components, quickly identify failed devices and better predict outages. In short, you could save time and money by increasing your efficiency.
Finally, imagine your travel adapter itself adapts to the changing technological landscape. After all, plug styles come and go, and so your adapter must also adapt or risk becoming antiquated. Such an adaptation feature could help extend the life of your equipment, letting you bring your favorite devices into the future. It would give you considerable freedom and centralised control over your travel itinerary.
This, in a nutshell, is what the Niagara Framework platform does: it works as an “architecture” for connecting systems and devices for building operation and automation. Now let’s take a deeper dive into how devices and systems communicate to better understand Niagara’s role.
Protocols: The “Language” of Machines
Dozens of systems and hundreds of pieces of hardware make up modern buildings, and each of these components must communicate with one another. To accomplish this, building devices must share a common “language” or what engineers call a protocol. The result is “interoperability” of devices, which is the main goal of platforms like Niagara. This is what Tridium means by “development and deployment of connected products” within their description.
The two dominant standard protocols for building devices are BACnet and LonWorks. These protocols are why your smart meter can transmit energy data to your BMS, even though two different companies made them. The two companies have agreed to design their products using these standard protocols so that you could integrate them easily. Another benefit of standard protocols is that you get to pick and choose which devices you want to use, as opposed to being locked into using proprietary hardware from a single vendor (think Apple products).
Standard vs Open Protocols
There are two basic approaches to achieving interoperability of devices: standard and open protocols. Open protocols are when hardware designers use a proprietary language for their devices, but “open” their protocol for public use. Access to the protocol gives other developers the “dictionary” for building gateways and interfaces, which “interpret” from one machine language to another. Essentially, the company is saying: Take our protocol and design something that will let other devices work with it. Developers use these open protocols to ensure interoperability between their products and others.
Standard protocols work by building consensus among many different developers to adhere to a standard machine language. So, a standard protocol isn’t proprietary but shared among the members. The upside to a standard protocol is that it requires no interpreter or gateway. Devices speak directly to one another right out of the box.
The Niagara Framework adopts a standard protocol stance towards development of building automation devices. That is, it attempts to wrangle the long list of standard device protocols under one umbrella platform—a type of protocol for protocols. But more than devices make up buildings. What’s this “device-to-enterprise application” all about?
Buildings: A Polyglot of Digital Voices
In addition to device languages, there are also standards and protocols for almost everything that helps your building and business function. For example, there are computing standard languages for the internet (IP or internet protocols). Then there are programming languages for software, operating systems (Windows vs Mac) and computer networks. When you add it all up, buildings are a cacophony of digital voices singing ones and zeros to each other (#ITjokes).
To ensure these voices sing in unison, enterprise standards like CORBA, XML and DCOM were created. These standards attempt to translate between different operating systems, programming languages and computing hardware. They ensure interoperability of platforms. Without them, companies would be inundated with service calls and services would grind to a halt.
The Niagara Framework, again, connects devices to any enterprise applications within your buildings. Say you wanted to pass energy usage data through to your accounting software. Because it’s a flexible platform that facilitates interoperability, you can use Niagara to easily build these types of connections. This is what Tridium means by “device-to-enterprise application.”
The Internet Connection
One big advantage the Niagara platform brings to building automation systems and devices is wireless connections. It achieves this by using the internet to connect all your devices and controllers. Thus, it sits firmly within the market of platforms that utilise the Internet of Things (IoT) to give building owners and managers granular access to every component of their systems.
In hardwired connections, your BMS would communicate to, say, your HVAC controller through a wired connection. Hardwired connections limit your access. But Niagara’s wireless internet connection gives you access through web browsers from anywhere. Connection via internet opens up possibilities. For example, it makes connecting new devices much easier. Management is easier too. Check the status of your fire safety systems while at home or on vacation.
Now, give Tridium’s definition another read: “Niagara Framework is a comprehensive software platform for the development and deployment of connected products and device-to-enterprise applications.” Hopefully, you understand it a bit better now.
Summary
Many systems make up today’s buildings. Fire alarm systems, HVAC systems, access systems and security systems, to name a few. Today, most modern buildings have automated the management and operation of these systems. The Internet of Things has streamlined management of systems, with sensors, devices, and equipment sending streams of data back for collection and display to stakeholders.
The Niagara Framework is essentially a system of systems, a software architecture designed to integrate multi-vendor building automation systems (BAS) under one umbrella platform. It improves flexibility in managing, connecting, and visualising your properties and data.
Software-as-a-service (SaaS) is a growing trend in FM because of several advantages cloud-based services deliver over in-house development. For one, it’s generally cheaper to outsource your software needs rather than spend time and money developing a bespoke solution. Ramp-up time is much faster too. The general wisdom is that FMs get a better product by letting the market do the heavy R&D lifting. Data accessibility and security are generally equivalent or comparable to in-house IT, provided you do your homework. To that end, here are some key SaaS components to consider during the procurement process. Download this SaaS procurement checklist for quick reference.
Mobile Access
Remote and hybrid work schedules are on the rise. Your team and your clients need the flexibility of mobile access to stay competitive. Look for a cloud-based software with admin/client access to most features, dashboards and data via mobile device and web browser.
Customer Support
Customer support is essential to seamless integration and service continuity, so invest some time here. Take advantage of free demos and trial periods to kick the tires on a vendor’s customer service. Submit a work order and note things like response times, professionalism, expertise and problem solving.
Pro Tip: If possible, omit your company affiliation when creating a demo account. Companies often give a potential enterprise account better service than a single user.
Training Resources
Training resources ensure a smooth integration, and any SaaS vendor worth their salt will offer a healthy library of video tutorials, how-to guides, in-office training and online resources for you and your staff. Have your staff sample a few offerings and rate them for accessibility, clarity and ease-of-use.
Data Security
Given the rise in ransomware attacks, data security is a priority, and most SaaS platforms collect some data on you and your users. Data storage, collection and encryption are a security and compliance issue, so ask about these practices. If a vendor isn’t forthcoming, it may be a red flag. Look for security standards and certifications for cloud-based software. These credentials might include Cloud Industry Forum certification or compliance with international standards for cloud-based security such as ISO-27001.
Data Ownership
Who owns your data is also a key consideration, especially when and if you ever switch to another vendor. So, ask about the data transfer process to other platforms. How complicated is retrieval? Can you simply download a spreadsheet or does the vendor collect it for you? The vendor may claim rights to your data beyond the contract end date. Does this violate your own privacy policies? Ensure these data ownership topics are clearly spelled out in your SLA.
Integration
Software platforms need to easily integrate with your connected systems, like your BMS, CRM or billing software. Check the vendor’s list of supported brands and models. But even if your systems are supported, the integration process may take more time than you want. Ask for a time frame for getting up-and-running with the platform before making your final procurement decision.
Pricing Model
SaaS companies often use their pricing schemes to “hide” add-ons and upsells for new features after purchase. Read their pricing page carefully. Even if the annual plan is cheaper, it may contain stipulations like extra costs for adding accounts or transactions. Month-to-month plans will have limited features, so check the pricing comparison list to see which ones you’ll be missing out on with a basic plan.
Pro Tip: If a platform offers “custom” pricing for enterprise accounts, take the opportunity to negotiate a lower price based on your evaluation of the product. For example, the lack of adequate training resources might justify a lower annual price.
Customer Reviews
For real-world usability, go to the source: customers. Review sites like Capterra and G2 Crowd offer descriptions and consumer ratings of all types of products. Sites like these also let you make an apples-to-apples comparison of SaaS platforms, their features and prices.
Usability
Ill-designed SaaS platforms erode their effectiveness, so evaluate these key usability components:
User Interface
Pages, buttons and menus are organised in a logical way
There is a consistent look (i.e., colors and textures) from area to area.
The font is easy to read
Navigation
It’s easy to locate information
There’s a smooth flow when performing steps in a task
You can perform the same task from multiple places
Responsiveness
The website loads quickly
The interface works well on mobile devices and small screens
Also keep in mind that an ineffective interface is harder to learn, which can lengthen the training process and cost you time and money.
Growth
Finally, during your SaaS procurement, decide whether your chosen SaaS will grow with your business. Does the company have a track record of innovation and growth? How easy is it to add new accounts for future employees? Is there a limit on the number of users? Does the company have plans for expanding features? Answering these questions and others like them will give you a better idea of whether a specific SaaS will meet your future needs.
Ransomware attacks are now a global threat. Between 2019 and 2020, attacks rose by 62% worldwide according to the 2020 Internet Crime Report. Attacks like the Colonial Pipeline in May 2021 are high profile cases that garner media attention, but SMBs and facilities of every size are now targets of cyber thieves.
Hospitals and medical facilities are favored targets because they house sensitive medical records. Facilities like these are in no position to bargain with cyberthieves, and they end up paying hefty ransoms to recover sensitive information. And the financial fallout from ransomware attacks is significant, with security experts estimating global ransomware losses to hit $20 billion in 2021, which is 57 times the cost just five years ago.
There’s a lesson to be learned for facilities managers: letting your properties become vulnerable to a ransomware attack is costly. Instead of paying cyberthieves, invest resources into mitigating your risks: shoring up your IT services, educating staff and creating response plans.
What is Ransomware?
Ransomware is a type of malware that enters your computer system and/or network and encrypts your data. Users lose access to files, applications and/or their databases. To decrypt the data, cyberthieves demand a ransom, and if the ransom isn’t paid, the data is destroyed.
Ransomware finds its way into most systems through direct attacks on software weaknesses or by exploiting human error through phishing emails. Once it infects your system, ransomware is programmed to spread to connected devices, encrypting more documents, spreadsheets and photos as it grows.
Train Staff on Cybersecurity Best Practices
Cyberthieves exploit human weakness to gain access to your data. It only takes one staff member clicking on the wrong email link to put your building data and tenant info at risk. That’s why beefing up your team’s cybersecurity skills is a top priority. Cybersecurity habits like these help you avoid many types of computer viruses and malware.
Updating Operating Systems
Operating system (OS) updates include the latest virus signatures and definitions. Older versions don’t, which makes them more vulnerable to cyber attack. Have your team set up auto updates for their Windows and Mac OS and installed programs. That way, forgetting isn’t an issue.
Identifying Phishing Emails
Email is a common entry point or “attack vector” for cyber criminals to deploy malware, and humans are notoriously susceptible to their exploits. Train your staff how to identify a phishing email to keep your network free of ransomware.
Creating Strong Passwords
Weak passwords let cyberthieves walk right into your facility network. Unfortunately, too many employees opt for weak, yet popular, passwords like “123456” because they’re easy to remember. Teach your team the simple steps of creating a strong password or consider investing in a password manager, which automates the process of creating and remembering strong passwords.
Turn on Two-Factor Authentication
Remind your team to implement two-factor authentication when possible. Turning this feature on adds an extra layer of security by requiring the users to identify themselves with a mobile device or an authentication app. Each user typically authenticates their sign-in through a PIN or biometric scans like a fingerprint.
Back Up Your Data
Since ransomware targets your data, backing it up can help mitigate losses from encryption. Data backup has its limitations: it can’t protect you the way anti-malware software does, for example, but it does offer the insurance of data replication. In other words, it’s an after-the-fact solution rather than real-time protection.
Data Assessment
The first step in building effective backup is making sure you are backing up ALL your data. Some FMs may manage multiple facilities, each having separate databases and devices. Do you know where your critical info is stored? What about your team members? Are those with assigned devices backing up their data correctly? Critical data can easily be overlooked, which is why experts suggest conducting a data audit.
3-2-1 Rule
Data storage experts often advise businesses to follow the 3-2-1 Rule:
Make 3 copies of your facility data (a production copy and two backups).
Store your copies on 2 different media types (e.g., USB Drive, CDs, magnetic tape).
Keep 1 copy offsite from your facility.
Ransomware moves throughout your system, and any connected devices are susceptible. The intention of the offsite rule is to “air gap” your data, removing it from the network completely. Cloud storage is considered “off site” but is also susceptible to the same attack if backups are updated too quickly. In other words, your cloud storage could begin backing up already encrypted data before you become aware of the attack. This is a risk for most backup systems, which is why physically disconnected storage is essential.
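The data audit and the 3-2-1 Rule can be checked together against a simple backup inventory. The Python sketch below is an added example, not part of any vendor's product: the dataset names, the inventory and the "connected" flag (whether a copy is reachable from the production network, as a syncing cloud folder is) are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str              # what is protected, e.g. one facility's database
    media: str                # "disk", "tape", "usb", "cloud", ...
    offsite: bool             # stored away from the facility
    connected: bool           # reachable from the production network
    production: bool = False  # True for the live copy

def audit_321(copies, expected_datasets):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for name in expected_datasets:
        group = by_dataset.get(name, [])   # empty if the audit missed it
        backups = [c for c in group if not c.production]
        findings = []
        if len(group) < 3 or len(backups) < 2:
            findings.append("fewer than 3 copies (production + 2 backups)")
        if len({c.media for c in group}) < 2:
            findings.append("fewer than 2 media types")
        if not any(c.offsite for c in backups):
            findings.append("no offsite backup")
        # A syncing cloud copy is offsite but can still receive encrypted files.
        if not any(not c.connected for c in backups):
            findings.append("no disconnected (air-gapped) backup")
        report[name] = findings
    return report

# Constructed inventory: the laptops were never inventoried at all.
INVENTORY = [
    BackupCopy("tower-a-bms", "disk", False, True, production=True),
    BackupCopy("tower-a-bms", "cloud", True, True),
    BackupCopy("tower-a-bms", "tape", True, False),
    BackupCopy("tower-b-leases", "disk", False, True, production=True),
    BackupCopy("tower-b-leases", "cloud", True, True),
]
EXPECTED = ["tower-a-bms", "tower-b-leases", "engineer-laptops"]

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, EXPECTED).items():
        print(dataset, "->", "OK" if not findings else "; ".join(findings))
```

The second dataset shows the case described above: its only backup is an offsite cloud copy, so it passes the offsite check yet still has nothing physically disconnected.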
Get Ransomware Detection Software
Cloud-based companies like Microsoft build ransomware detection into their online storage platforms (e.g., OneDrive), but if you’re not using cloud-based storage, this doesn’t help. For an added layer of protection against malware, invest in cybersecurity software that meets your needs and budget. Most major cybersecurity software brands include ransomware protection and decryption tools within their plans. While anti-malware software isn’t a replacement for good cybersecurity habits and data backups, it does add redundancy to your system.
Include Ransomware in Your IRP
Ransomware attacks are high-pressure situations. Time is critical, and decisions have to be made on the fly. So preparation is key. Ensure your incident response plan (IRP) includes ransomware mitigation strategies. There are several basic steps most experts agree businesses should take when attacked by ransomware:
Don’t pay the ransom. Experts say paying only puts you at risk of being targeted again. Plus, acquiescing only makes the problem worse for everyone else by financially incentivising the criminals.
Disconnect devices. Your first move is to stop the malware infection. Disconnect your devices from your network and the internet. Unplug ethernet cables. Remove storage devices like thumb drives. Disable wireless connection (wifi) on your mobile devices.
Get evidence. Take photos (with an uninfected phone) of the ransom notes and any correspondence with the thieves.
Run a malware scan. Use the Task Manager on your Windows 10 devices to run a scan for ransomware. Shut down any Apple devices.
Reset passwords. Change your passwords for your admin accounts.
Get help. Solicit professional IT services for advice or help. You will likely need their services to ensure your network and devices are free of malware before reconnecting.
Report the incident. Government cybersecurity agencies like CERT (NZ) can help you navigate the incident, record the attack and notify other businesses of the threat. Other reporting agencies include IC3 (US) and ActionFraud (UK).
At some point, you may want (or be legally required) to notify your tenants of the data breach. If there is a potential for the malware to spread to your tenants’ networks, early notification will help their office managers execute their own IRPs. If cross-contamination is a low risk, you might move notification to a lower priority. Consult legal experts about your specific reporting requirements and adjust your IRP accordingly.
When protecting your facilities from malware attack, think in terms of “layers” of protection. You and your team members are the first layer of defense. Your virus software is another. The more stopgaps you have, the better your chances of avoiding infection. It pays to invest a little time and money up front rather than deal with the fallout from a successful hack. And remember, when it comes to ransomware, you’re not an island. Successful criminals go on to rip off other businesses, so your action or inaction directly affects the profitability of others.