Featured Product
This Week in Quality Digest Live
Management Features
Gleb Tsipursky
Believing things will normalize soon, many companies are unprepared for new waves of restrictions
Michael Weinold
GE’s exit from the lighting business is a warning to other players in the sector
Ken Voytek
Productivity will be even more critical as we recover from the current health and economic crisis
Gleb Tsipursky
Implicit bias: Identify, rectify, repeat
Martin J. Smith
How to shutter a business when the pandemic forces closure

More Features

Management News
How to develop an effective strategic plan and make the best major decisions in the context of uncertainty and ambiguity
What continual improvement, change, and innovation are, and how they apply to performance improvement
Good quality is adding an average of 11 percent to organizations’ revenue growth
Further enhances change management capabilities
Awards to be presented March 24, 2020, at the Quest for Excellence Conference, in National Harbor, MD
Workers more at ease about job security. Millennials more confident regarding wages.
46% of creative workers want video games in the office
A guide for practitioners and managers

More News

Steven Brand

Management

Cybersecurity for Manufacturers

Eight ways to prevent attacks

Published: Monday, June 25, 2018 - 12:01

Many consider 2017 the “worst year ever” for data breaches and cyber attacks, largely due to the rise in ransomware, and IT experts predict it’s only going to get worse. According to the Online Trust Alliance (OTA), a nonprofit that works to develop tools and best practices that enhance internet security, cyber attacks targeting manufacturers and others nearly doubled in volume from the previous year.

The worst of the worst? WannaCry, which struck in May 2017, infecting approximately 300,000 computer systems, encrypting files and demanding a Bitcoin payment to decrypt them.

Although large manufacturers may become victims due to their name and the news value, small and medium-sized manufacturers (SMMs) are vulnerable because they’re less likely to have strict security protocols in place, making them easy targets. According to studies by the Manufacturers Alliance for Productivity and Innovation and IBM, nearly 40 percent of surveyed manufacturing companies were affected by cyber incidents during the past 12 months, and 38 percent of those affected indicated that cyber breaches resulted in damages in excess of $1 million. Just ask Boeing. In mid-March of 2018, WannaCry reared its ugly head again, putting the aerospace industry on high alert. Concerns over whether vital airplane-production equipment could be taken down ran rampant, while SMMs serving Boeing wondered whether their facilities were at risk as well. Thankfully, the consequences of the attack were minimal, with Linda Mills, head of Boeing communications, reporting that the vulnerability was limited to only a few machines, and the deployment of software patches allowed for business to continue as usual.

There are other reasons manufacturers have a target on their production systems. For one, all manufacturing facilities are different, and there’s no one uniform cybersecurity policy that manufacturers can adopt across the board. In addition, many older facilities continue to use outdated legacy equipment, increasing their vulnerability. These factors and others even led to cybersecurity expert Roel Schouwenberg focusing on the threat of cyberattacks during his keynote address at the 2018 IndustryWeek Manufacturing & Technology Conference & Expo.

So, what are some steps manufacturers can take to reduce the risk of a cyberattack?

1. Install antivirus software
To protect against viruses, spyware, and other malicious code, make sure all computers are equipped with antivirus software and anti-spyware. Software is available online from a variety of vendors, and most regularly provide patches and updates to correct vulnerabilities and improve functionality. Be sure to configure all software to install updates automatically.

2. Secure your networks
Safeguard your internet connection by using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. In addition, if you store sensitive information on servers or databases, be sure to encrypt it. If an employee can easily export sensitive data as an unencrypted file, those data are not secure.

3. Educate employees
Employees can often be a manufacturers’ biggest vulnerability, so education is key. Make sure employees are aware of online threats and understand how to protect sensitive data; consider providing examples of what a suspicious email may look like, and who to report it to. A comprehensive course with a cybersecurity expert may be most beneficial.

4. Restrict employee access
Review employees’ roles and privileges regularly to be sure they are only able to view and access data that are necessary to their assigned job. This way, if an employee falls victim to an attack, the spread and scope of the attack will be minimized. With more employees working from home or remotely, restricted access is a necessity.

5. Use strong passwords
It may seem like a hassle having to use upper and lowercase letter, numbers, and special symbols, but it’s an easy way to prevent cyber threats. For extremely sensitive data, you might also consider implementing a two-step authentication system to gain entry.

6. Back up critical data
Regularly back up the data on all computers. If a breach occurs, you’ll want to recover your data quickly, and regular backups are the best way of doing this. Consider both onsite and off-site backups (you can use the cloud for this) to reduce downtime regardless of the severity of the breach. Back up data automatically if possible, or at least weekly.

7. Purchase cyber insurance
Cyber insurance can’t help you retrieve data, but if you’re dealing with sensitive customer information, such as social security numbers or credit card information, an insurance policy can cover your liability if a hacker steals or gains access to this data. A recent Industry Today story outlines the need and the types of insurance available to SMMs.

8. Consider a partner cloud provider
If all this sounds daunting, you might consider moving to a virtual private cloud (VPC) hosted by a reputable cloud provider. VPCs offer heightened security and compliance, and can even have significant cost benefits. A disaster recovery as a service (DRaaS) provider, or security as a service (SECaaS) can also help protect your data and your recovery time in the event of attack. Plus, many providers operate more as a partner, giving you access to IT experts 24/7.

It’s no longer enough to hope for the best. Today, manufacturers must plan for the worst. By increasing internal security protocols or considering an external vendor to monitor dangers for them, manufacturers can protect themselves and their customers from the ongoing threat of cyber attacks.

First published on the CMTC blog.

Discuss

About The Author

Steven Brand’s picture

Steven Brand

Steven Brand is the strategic communications manager at  California Manufacturing Technology Consulting (CMTC) where he provides strategic communications expertise for all of CMTC’s programs and services. Brand also is an instructor of leadership and management courses at UCLA Extension.