{"id":10058,"date":"2023-05-17T08:54:59","date_gmt":"2023-05-17T14:54:59","guid":{"rendered":"https:\/\/limblecmms.com\/?p=10058"},"modified":"2025-05-30T13:03:58","modified_gmt":"2025-05-30T19:03:58","slug":"brightly-hack","status":"publish","type":"post","link":"https:\/\/limblecmms.com\/blog\/brightly-hack\/","title":{"rendered":"What the Brightly hack teaches us about CMMS data security"},"content":{"rendered":"

[vc_row kd_background_image_position=”vc_row-bg-position-top”][vc_column][vc_column_text]With the recent Brightly hack<\/a> of millions of user accounts, you aren\u2019t alone if you are wondering how CMMS or other SaaS software systems secure your data.\u00a0\u00a0<\/span><\/span><\/p>\n

We will share what there is to learn from this event about selecting a CMMS.\u00a0 We will also list what you and your team can do to keep your data safe, and your systems able to run maintenance without interruption.<\/span><\/p>\n

What the Brightly hack means for its customers<\/span><\/h2>\n

At this point, most of us have experienced or been notified that our data has been breached in some way or another.\u00a0 But what does it mean specifically when a CMMS\u2019s data is compromised?\u00a0<\/span><\/p>\n

Inconvenience for the maintenance workers using the system<\/span><\/h3>\n

At a minimum, hacks and data breaches present a major inconvenience for the victims of the attack. Going through the process of resetting passwords, informing impacted stakeholders, and performing incident response is a preventable drain on resources.\u00a0<\/span><\/p>\n

Breach of trust with the maintenance team\u2019s internal customers<\/span><\/h3>\n

Speaking of informing impacted stakeholders, data breaches can have a big reputational impact.\u00a0 Maintenance teams rely on a lot of user and company data to get their jobs done. And their organizations place a lot of trust in them to manage it well.<\/span><\/p>\n

In the case of a breach of <\/span>maintenance data<\/span><\/a>, internal data on operations, productivity, and budgeting is at risk. Organizations trust their maintenance managers and staff to choose their vendors wisely and take steps to protect this <\/span>data.<\/span><\/p>\n

Long-term financial and personal consequences<\/span><\/h3>\n

Any data breach can run the risk of long-term financial and personal costs for the users and companies involved.\u00a0 Identity theft and fraud carry real risks to individuals, and the cost of mitigating or compensating for those risks can be costly for companies.<\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row content_placement=”middle” kd_background_image_position=”vc_row-bg-position-bottom” kd_top_separator_style=”skew-left” kd_top_separator_height=”separator-height-small” kd_bottom_separator_style=”skew-left” kd_bottom_separator_height=”separator-height-small” kd_top_separator=”true” kd_bottom_separator=”true” css=”.vc_custom_1682969636891{margin-bottom: 40px !important;padding-top: 120px !important;padding-right: 40px !important;padding-bottom: 50px !important;padding-left: 40px !important;background: #dde4e8 url(https:\/\/limblecmms.com\/wp-content\/uploads\/cta-laired-hex-4.webp?id=9077) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;border-radius: 0px !important;}” css_tablet_landscape=”.vc_custom_1682969636891{padding-bottom: 80px !important;}” css_tablet_portrait=”.vc_custom_1682969636891{padding-bottom: 80px !important;}” css_mobile=”.vc_custom_1682969636892{padding-bottom: 80px !important;}”][vc_column][vc_row_inner kd_background_image_position=”vc_row-bg-position-top”][vc_column_inner]

CMMS Buyer's Guide<\/h2>

Learn the questions to ask and the features to look for during the CMMS selection process - and find the right CMMS for you.<\/h6><\/header>[\/vc_column_inner][\/vc_row_inner][vc_row_inner content_placement=”top” kd_background_image_position=”vc_row-bg-position-top”][vc_column_inner width=”1\/2″ css=”.vc_custom_1631866454223{padding-right: 50px !important;padding-left: 0px !important;}” offset=”vc_col-lg-6 vc_col-md-12 vc_col-xs-12″ css_tablet_landscape=”.vc_custom_1631866454223{padding-right: 0px !important;}” css_tablet_portrait=”.vc_custom_1631866454223{padding-right: 0px !important;}” css_mobile=”.vc_custom_1631866454224{padding-right: 15px !important;}”][vc_single_image source=”external_link” custom_src=”https:\/\/3975608.fs1.hubspotusercontent-na1.net\/hubfs\/3975608\/Content%20Downloads\/CMMS%20Buyers%20Guide%20Image.png”][\/vc_column_inner][vc_column_inner width=”1\/2″][vc_raw_html]JTNDc2NyaXB0JTIwY2hhcnNldCUzRCUyMnV0Zi04JTIyJTIwdHlwZSUzRCUyMnRleHQlMkZqYXZhc2NyaXB0JTIyJTIwc3JjJTNEJTIyJTJGJTJGanMuaHNmb3Jtcy5uZXQlMkZmb3JtcyUyRmVtYmVkJTJGdjIuanMlMjIlM0UlM0MlMkZzY3JpcHQlM0UlMEElM0NzY3JpcHQlM0UlMEElMjAlMjBoYnNwdC5mb3Jtcy5jcmVhdGUlMjglN0IlMEElMjAlMjAlMjAlMjByZWdpb24lM0ElMjAlMjJuYTElMjIlMkMlMEElMjAlMjAlMjAlMjBwb3J0YWxJZCUzQSUyMCUyMjM5NzU2MDglMjIlMkMlMEElMjAlMjAlMjAlMjBmb3JtSWQlM0ElMjAlMjJiYWI1YzFmNS04OGNmLTQyOTQtOTJlMy05NjJhNjU0ZGEyMGMlMjIlMEElMjAlMjAlN0QlMjklM0IlMEElM0MlMkZzY3JpcHQlM0U=[\/vc_raw_html][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row][vc_row kd_background_image_position=”vc_row-bg-position-top”][vc_column][vc_column_text]<\/p>\n

What your software vendor should be doing to protect your data<\/span><\/h2>\n

Any cloud-based software you are using should be forthcoming about their data security practices during the sales or customer support process.\u00a0 Some industries like healthcare and finance have regulations they are required to follow for the sensitive data they store. Aside from those regulations, there are 7 pillars of security that any SaaS company should follow.\u00a0<\/span><\/p>\n

    \n
  1. Strong authentication <\/span>and access management<\/span><\/li>\n
  2. Network control<\/span><\/li>\n
  3. Perimeter network control<\/span><\/li>\n
  4. Vendor management<\/span><\/li>\n
  5. Data protection<\/span><\/li>\n
  6. Governance and incident management<\/span><\/li>\n
  7. Scalability and reliability<\/span><\/li>\n<\/ol>\n

    How to vet a vendor’s security practices when you aren\u2019t a data security expert<\/span><\/h2>\n

    If you are a maintenance manager responsible for finding a CMMS solution at your organization, how do you evaluate a software\u2019s data practices when that isn\u2019t your area of expertise? Here are two approaches:<\/span><\/p>\n