However, whether through lack of IT knowledge, time or resources, we’ve seen plenty of projects rapidly heading to ruin due to avoidable errors.
We specialise in helping BMS and building services businesses design and deploy IT networks for their projects. This typically means that projects can be delivered faster and easier.
Below is a list of the most common errors we’ve found whilst working on building services projects. If you’d like your networked projects to run smoother call us on 01858 438 500; download our latest BMS engineering guide here.
Many BMS devices will be shipped with a default account to enable engineers to configure it. It sounds crazy, but it’s only recently that many device vendors have cottoned on to the fact that you shouldn’t publish the default username and password on the web!
If your devices have a default account make sure that you at least change the default password to a strong one. If possible, check with the manufacturer to see if you can delete that default account. Then don’t forget to store those account details somewhere safe and secure.
This is a request we hear so many times from engineers. OK, it may be easier to commission your 1000s of field devices on a single IP subnet using the native VLAN; however, this is a bad strategy for so many reasons.
First, many BMS field devices use protocols that send broadcast messages to the rest of the devices on the network. An increase in devices means an increase in broadcast messages which in turn means an increase in overhead for the network and devices to deal with, all of which means a slower network.
Second, if a device fails and starts creating a broadcast storm you’d lose the entire network. Where do you start looking to identify the problem device?
Third, you could have head ends and controllers on that same flat network. This means you’ve created a larger attack surface for malicious actors.
When planning your network consider segmenting the network at layer 2 (VLAN) and layer 3 (IP subnet) levels. A good way to do this is to divide the devices into logical categories, for example HVAC, CCTV, lighting control, door entry etc. Keeping these on separate logical networks will make it easier to add devices in the future, will improve network resilience and will make the network easier to monitor and manage.
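A sketch of that segmentation plan, added here as an illustration and not taken from Abtec's own tooling: each logical category gets its own VLAN ID and its own IPv4 subnet sized for its device count. The supernet, device counts, VLAN numbering and growth factor are assumptions.

```python
import ipaddress
import math

# Constructed device counts per category (assumptions for illustration).
DEVICE_COUNTS = {"hvac": 420, "cctv": 96, "lighting": 230, "door-entry": 40}


def plan_segments(supernet, counts, first_vlan=110, growth=1.5):
    """Give each category its own VLAN ID and the smallest IPv4 subnet that
    holds its devices plus growth headroom, carved from supernet."""
    pool = ipaddress.ip_network(supernet)
    # Largest category first, so each block starts on its natural boundary.
    ordered = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    cursor = int(pool.network_address)
    plan = {}
    for index, (name, devices) in enumerate(ordered):
        # +3 covers the network address, broadcast address and gateway.
        needed = math.ceil(devices * growth) + 3
        prefix = 32 - (needed - 1).bit_length()
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(pool):
            raise ValueError(f"{supernet} has no room left for {name}")
        plan[name] = {
            "vlan": first_vlan + 10 * index,
            "subnet": net,
            "gateway": net.network_address + 1,
            "broadcast_domain": net.num_addresses - 2,  # hosts sharing broadcasts
        }
        cursor = int(net.broadcast_address) + 1
    return plan


if __name__ == "__main__":
    for name, seg in plan_segments("10.40.0.0/16", DEVICE_COUNTS).items():
        print(f"{name:<11} VLAN {seg['vlan']}  {seg['subnet']}  gw {seg['gateway']}")
```

With these figures a broadcast from a door entry controller reaches at most 62 hosts instead of every device in the building.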
Switch ports are the point of entry to the network. For larger BMS projects, where you may have switches throughout a building, this means that you’ve got many network entry points to manage – security alert!
You may want building services engineers to be able to access all building devices from any switch, so how do you balance that security risk without making the engineer walk a marathon?
One way is to lock down all unused switch ports, allocating them to a black hole VLAN, and having one dedicated port per switch for the building services engineers. For additional security, you could enable port protection – locking the ports down to specific laptops or devices.
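One way to check that a switch actually follows this lock-down, as an added example that is not part of the original article: the script below audits an access-port configuration in Cisco IOS syntax. The sample configuration is constructed, and the black hole VLAN ID of 999 and the rule that a port without a description counts as unused are assumptions.

```python
import re

BLACKHOLE_VLAN = 999  # assumed ID of the unused-port ("black hole") VLAN
STANZA = re.compile(r"^interface (\S+)\n((?: .*\n)*)", re.M)

# Constructed excerpt in Cisco IOS syntax; port names and VLANs are examples.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description BMS-ENGINEER-ACCESS
 switchport access vlan 110
 switchport port-security
!
interface GigabitEthernet1/0/2
 description HVAC-CONTROLLER-03
 switchport access vlan 110
!
interface GigabitEthernet1/0/3
 switchport access vlan 999
 shutdown
!
interface GigabitEthernet1/0/4
!
"""


def audit_ports(config, blackhole=BLACKHOLE_VLAN):
    """Return {port: [findings]}; a port with no description counts as unused
    (an assumption of this example). Only access ports are considered."""
    findings = {}
    for name, body in STANZA.findall(config):
        cmds = [line.strip() for line in body.splitlines()]
        m = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        vlan = int(m.group(1)) if m else 1  # IOS access ports default to VLAN 1
        if any(c.startswith("description ") for c in cmds):
            checks = [("switchport port-security" in cmds,
                       "in use without port-security"),
                      (vlan != 1, "in use on default VLAN 1")]
        else:
            checks = [("shutdown" in cmds, "unused but not shut down"),
                      (vlan == blackhole,
                       f"unused but in VLAN {vlan}, not {blackhole}")]
        issues = [msg for ok, msg in checks if not ok]
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_ports(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```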
Again, something we see a lot of is remote access connections to building services networks without any security measures. Typically these are Internet broadband connections directly connected to the network.
Exposing your network to the web, without appropriate security measures, is a no-no. From our testing it takes about two weeks for a port scanned IP address to percolate around the darker edges of the web. In no time at all, like dipping a bleeding leg into a shark pool, the network will be attacked from all angles.
The best way to provide secure remote access is to avoid the Internet altogether. Private broadband connections, that don’t connect to the Internet, are often the same cost as Internet connections. Find out more about these in our latest guide: Remote Access Connections for Building Services Projects.
We are an established IT provider and have recently won a number of large contracts that have prompted expansion of our engineering team.
Two of those positions have now been filled. However, we are still looking for a Network Engineer. The role will be based in our headquarters at Market Harborough. The successful candidate will be joining our established engineering team, supporting the delivery of projects and clients’ infrastructure.
The role presents a fantastic opportunity for an engineer that wants to further their career in IT as you’ll be working on a variety of exciting projects as well as providing business as usual support for our clients’ IT. We value learning and development, and you’ll be encouraged to continue to expand your skills and accreditation. We work with best of breed technology, including Cisco, Microsoft, NetApp and VMware.
Recent projects that we’ve delivered include:
For more information please download the job description below, or contact Chris Topham on 01858 438 500.
Unfortunately for us the traits of that type include;
Worst of all, they have patience. These malicious actors can afford to play the long game. Employee data is freely available, from the SRA ‘Find a Solicitor’ website, and the industry’s fashion to advertise employees’ roles and contact details on their own website. This presents a large, low cost database to attack.
It’s a welcome report and could help in getting a cyber security conversation started in a practice. From our own, albeit anecdotal, evidence we block more highly targeted threats against our legal clients, compared to our non-legal ones.
However, we don’t believe the report goes far enough or is clear enough in its recommended actions that a law firm should take. With just a little investment, cyber security protection can be greatly enhanced.
Email phishing is a great example. Unless you are a multinational corporation, your email server probably resides in the UK. Many of the phishing emails you receive, spoofed to appear to come from a senior partner, will come from outside of the UK. An email filtering service, that probably costs less per month than a typical employee spends on coffee to go per day, could block those emails before they reach a colleague’s inbox.
At Abtec we take a layered approach to cyber security. Extending beyond technology, our approach encompasses an organisation’s processes and people. This way we can help protect your online and offline assets and reputation. See how we help other law firms get the most from their IT investment.
In this role you will support the administration of our customer projects by ordering hardware, software and communication products from our suppliers.
Download the job specification here.
To apply for the role, or for more information, please send your CV and cover letter to firstname.lastname@example.org.
The role would be ideal for recent graduates that have participated in a Cisco Networking Academy affiliated degree.
Send your CV and cover letter to email@example.com.
Recent penetration testing conducted against higher education institutions demonstrated a “100 per cent track record of gaining access to a higher education institution’s high value data within two hours.”
Was this directly due to a lack of cyber security technology exposing these institutes? Possibly not. The method of attack used in this research was electronic social engineering, specifically spear phishing emails.
So are we humans the weakest link in cyber security?
Many spear phishing emails will spoof the recipient’s domain name, more often than not appearing to come from a senior colleague. The emails will request either a supplier payment be made or an action that requires the opening of an attached document. That sophisticated knowledge of the recipient’s organisation is what makes these emails so successful.
But there are steps we can take to protect our organisations.
There are a host of ways to reduce your risk of falling foul of phishing emails; here are two examples.
If you have an email filtering service you could block emails with your own domain if the email doesn’t come from your mail server. A good mail filtering service will enable legitimate emails with your domain that aren’t sent from your mail server, such as an email marketing engine or an online CRM system, to get through. This action can reduce the volume of threats received.
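The filtering rule described above, written out as an added example rather than the configuration of any particular filtering service: mail claiming your own domain is rejected unless it arrives from your mail server or an approved third party. The domain, IP ranges and sample message are constructed, using documentation-reserved values.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

OWN_DOMAIN = "example.co.uk"                          # assumed organisation domain
OWN_MAIL_SERVERS = ["192.0.2.10/32"]                  # assumed own mail server
APPROVED_THIRD_PARTIES = {"crm": "198.51.100.0/28"}   # assumed online CRM range

# Constructed message, as a filter would see it once the sender has connected.
SPOOFED = """\
From: "Senior Partner" <s.partner@example.co.uk>
To: accounts@example.co.uk
Subject: Urgent supplier payment

Please pay the attached invoice today.
"""


def sender_allowed(client_ip):
    """True when the connecting host may send mail using our domain."""
    ip = ipaddress.ip_address(client_ip)
    ranges = OWN_MAIL_SERVERS + list(APPROVED_THIRD_PARTIES.values())
    return any(ip in ipaddress.ip_network(r) for r in ranges)


def filter_verdict(raw_message, client_ip):
    """Reject mail whose From header claims our domain but which arrives from
    a host that is neither our mail server nor an approved third party."""
    msg = message_from_string(raw_message)
    for _name, addr in getaddresses(msg.get_all("From", [])):
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        claims_us = domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN)
        if claims_us and not sender_allowed(client_ip):
            return "reject"
    return "accept"


if __name__ == "__main__":
    for ip in ("203.0.113.77", "192.0.2.10", "198.51.100.5"):
        print(ip, filter_verdict(SPOOFED, ip))
```

A message that only imitates a colleague's display name while using an outside address still passes this rule, so it reduces the volume of threats rather than removing them.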
How many times have your colleagues had training on how to spot phishing emails? Maybe not many. There are several simple steps that every user can take to help identify phishing emails. Arming users with that information, and then checking their actions with organised phishing email testing can reduce the number of malicious emails acted upon.
Reducing the quantity of phishing emails a user receives and empowering users to spot them are just two ways in which we can help you reduce your risks from these attacks and strengthen your security.
Call Abtec on 01858 438 500 today to find out how we can help you reduce your risks.
The BBC News website has produced an interesting profile of one of our projects, the Hinkley Point C workers’ campuses.
As well as providing the IT and communications infrastructure for these sites, we’ve also got an onsite team managing the infrastructure.
Find out more here:
It’s only February and two huge data breaches have already been identified. Collection #1 and Collection #2-#5 contain an estimated 3 billion email addresses and passwords.
You can find out if you’ve been affected here: https://sec.hpi.de/ilc/search
This is yet another reason to review your IT infrastructure’s security measures. Network and infrastructure attacks take many forms. These data breaches raise potential vulnerabilities in remote network access and email security. Unfortunately, many people will still use the same password, or variations on a password, across multiple applications. Forcing colleagues to use strong passwords is the first step in improving security, and implementing a rule to change passwords at regular intervals can help too. However, these can open other security issues, for example people sticking passwords to monitors in plain view of everyone else!
There are better strategies to take in securing your infrastructure. Contact Abtec on 01858 438 500 to book a security review to identify the best for you.
Also, download our Building Better Disaster Recovery Plans guide to find out more ways to prevent unplanned interruptions to your infrastructure.
No one likes interruptions to their IT services, they cost time and money. As the nights draw in, it’s a good opportunity to review how prepared your infrastructure is to combat disruption.
We’ve built a guide, download it here, to help you perform that review. It’s called ‘Building Better Disaster Recovery Plans’. The point behind it is that we spend time creating DR plans for high impact, low probability events, but often it’s the small, everyday disruptions that cause more problems.
In this guide we share some of the steps we take with clients to reduce IT disruption.
As ever, if you need any support improving your IT infrastructure’s preparedness for disruption give us a call on 01858 538 500. We’ll be happy to help.
Abtec’s engineers continue their great work on the second accommodation block for the Hinkley Point C new nuclear power station project.
Hinkley Point C, the first nuclear power station to be built in the UK for over 20 years, is one of the largest construction projects in Europe. To accommodate many of the 3,100 workers on site, two workers’ campuses have been built.
We’ve been working on the project for the last two years, designing, installing and supporting the IT and communications infrastructure, for the accommodation blocks. Our four onsite engineers provide IT support for the accommodation manager’s employees, Host 2 Ltd. They also manage and maintain the tech we’ve designed and installed, including;
Our engineers are currently building the infrastructure for the second block of accommodation, with 1500 rooms, in readiness for its opening in December.