
Cybersecurity Measures for Electrical Maintenance Professionals

April 1, 2025
Six common mistakes that can lead to a security breach

Cyber attacks have been a thing for a long time now. Many facilities have taken measures against them, such as requiring two-step verification and more complicated passwords than “admin.” Those that have hired a security consultant and followed the recommendations are reasonably safe from cyber attacks compared to those that have taken a less rigorous approach.

But even if a facility goes full bore in cyber attack prevention at the software and server level, it may be vulnerable to many other types of security breaches. Let’s look at six typical mistakes employees make that can result in a security breach.

  1. Piggy-backing door keys. This seems like a real time-saver, so people often see nothing wrong with opening the door for another person or letting another person go through with them even though that person has not used their own key. A physical barrier such as a keyed door is a great defense. Note that a “key” can be a plastic card or it can be biometric.
  2. Bypassing or defeating door interlocks. These can be so pesky, and since only maintenance people work in those cabinets why bother keeping the door interlocks? Ask yourself why those interlocks are there in the first place. Answer: Maintenance people would otherwise not be the only people with access to the cabinet. Computers are often locked in such cabinets to prevent physical access to their USB ports, through which malware can be installed or sensitive information downloaded.
  3. Sharing security credentials. Think of how lockout/tagout requires individually assigned locks. That same concept must apply to security credentials: they must be uniquely assigned to individuals. Yes, there can be a “master key” (same as in lockout/tagout), but it should be unknown to and inaccessible to everyone except the designated master key holder(s).
  4. Giving out security credentials. A contractor says he needs access but hasn’t been cleared yet or there is some other issue. So you do him a favor and let him use your credentials. That’s like giving another person a key (or combination) to your lockout/tagout locks.
  5. Falling for social engineering scams. These come in many varieties, but the typical aim is to get one part of a security credential. Many people think that an anonymous call allegedly from the IT department to “check” their password by asking them for it poses no threat because it’s only half of the username/password protection. However, usernames can easily be mined from personnel directories. Don’t give out any information to anyone who contacts you. If you are the one who initiates the contact, ensure that you are contacting someone legitimate.
  6. Leaving your tablet or workstation unattended if you are logged in. When performing maintenance, things arise like needing to go to the shop for something you didn’t know you’d need. You hate to log out and lose where you were. But if you can’t take your tablet or other device with you, then log out. If you must leave a device unattended out in the field, it’s best to lock it up so that someone can’t insert a thumb drive with malware, turn the machine on, and infect it. Or they may simply steal it, and then leisurely take from it whatever information they want.

A qualified security consultant can identify many more such mistakes. If your facility hasn’t had a pro look for practices that can lead to security breaches, that’s an oversight that needs to be addressed. And everyone needs to be trained to change their behavior to align with the necessary security practices. Generally, these are pretty simple.

About the Author

Mark Lamendola

Mark is an expert in maintenance management, having racked up an impressive track record during his time working in the field. He also has extensive knowledge of, and practical expertise with, the National Electrical Code (NEC). Through his consulting business, he provides articles and training materials on electrical topics, specializing in making difficult subjects easy to understand and focusing on the practical aspects of electrical work.

Prior to starting his own business, Mark served as the Technical Editor on EC&M for six years, worked three years in nuclear maintenance, six years as a contract project engineer/project manager, three years as a systems engineer, and three years in plant maintenance management.

Mark earned an AAS degree from Rock Valley College, a BSEET from Columbia Pacific University, and an MBA from Lake Erie College. He’s also completed several related certifications over the years and even was formerly licensed as a Master Electrician. He is a Senior Member of the IEEE and past Chairman of the Kansas City Chapters of both the IEEE and the IEEE Computer Society. Mark also served as the program director for, a board member of, and webmaster of, the Midwest Chapter of the 7x24 Exchange. He has also held memberships with the following organizations: NETA, NFPA, International Association of Webmasters, and Institute of Certified Professional Managers.
