MAMTC MINUTES (June) - Half of manufacturers experienced data breaches
Half of manufacturers experienced data breaches in past year, report finds
The Department of Homeland Security's cyber-security agency is warning of increased malicous cyber-activity. While large manufacturers may become victims due to their name and the news value, small and medium-sized manufacturers (SMMs) are vulnerable because they’re less likely to have strict security protocols in place, making them easy targets.
"Manufacturers face a barrage of cybersecurity threats today, and half of companies have fallen victim to at least one data breach during the past 12 months, according to the 2019 Manufacturing and Distribution Report from professional services firm Sikich. Of the 50% of respondents who said their companies experienced data breaches, 11% said they had experienced "major" breaches. Still, executives believe their companies can thwart attacks. A majority (54%) said they are "extremely" or "very" confident in the ability of their companies to prevent or minimize the impact of data breaches.
"Cybercriminals have moved on from focusing primarily on organizations rich in sensitive personal data, such as financial or health care institutions," said Brad Lutgen, partner-in-charge of Sikich's cybersecurity practice. "Instead, they target any organization with IT weaknesses and attempt to turn a profit through ransomware and other cyberextortion techniques. In response to this growing threat, manufacturing executives must make security a core corporate priority and push forward the implementation of preventative measures in their organizations."
The report found that many manufacturers – especially those with revenues under $500 million – neglect key cybersecurity preparedness efforts. Overall, less than 40% of these smaller companies perform cyber audits (38%), penetration testing (33%), security assessments of vendors (32%) and phishing exercises on employees (31%).
The surveyed participants spanned the industry, including wholesale and distribution; industrial equipment; metal fabrication; apparel, footwear and textiles; chemicals and petroleum; aerospace and defense; and food and beverage."
Sikich LLP is a global company specializing in technology-enabled professional services. (PRNewsfoto/Sikich - Press Release here)
So what are some steps manufacturers can take to reduce the risk of a cyberattack?
1. Install Antivirus Software
To protect against viruses, spyware, and other malicious code, make sure all computers are equipped with antivirus software and anti-spyware. Software is available online from a variety of vendors, and most regularly provide patches and updates to correct vulnerabilities and improve functionality. Be sure to configure all software to install updates automatically.
2. Secure Your Networks
Safeguard your Internet connection by using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. In addition, if you store sensitive information on servers or databases, be sure to encrypt it. If an employee can easily export sensitive data as an unencrypted file, that data is not secure.
3. Educate Employees
Employees can often be a manufacturers biggest vulnerability, so education is key. Make sure employees are aware of online threats and understand how to protect sensitive data; consider providing examples of what a suspicious email may look like, and who to report it to. A comprehensive course with a cybersecurity expert may be most beneficial.
4. Restrict Employee Access
Review employees’ roles and privileges regularly to be sure they are only able to view and access data that is necessary to their assigned job. This way, if an employee falls victim to an attack, the spread and scope of the attack will be minimized. With more and more employees working from home or remotely, restricted access is a necessity.
5. Use Strong Passwords
It may seem like a hassle having to use upper and lowercase letter, numbers, and special symbols, but it’s an easy way to prevent cyber threats. For extremely sensitive data, you might also consider implementing a two-step authentication system to gain entry.
6. Backup Critical Data
Regularly backup the data on all computers. If a breach occurs, you’ll want to recover your data quickly, and regular backups are the best way of doing this. Consider both onsite and offsite backups (you can utilize the cloud for this) to reduce downtime regardless of the severity of the breach. Backup data automatically if possible, or at least weekly.
7. Purchase Cyber Insurance
Cyber insurance can’t help you retrieve data, but if you’re dealing with sensitive customer information, such as social security numbers or credit card information, an insurance policy can cover your liability if a hacker steals or gains access to this data. A recent Industry Today story outlines the need, and the types of insurance available, to SMMs.
8. Consider a Partner Cloud Provider
If all this sounds daunting, you may consider moving to a Virtual Private Cloud (VPC) hosted by a reputable cloud provider. VPCs offering heightened security, compliance, and can even have significant cost benefits. A Disaster Recovery as a Service (DRaaS) provider or Security as a Service (SECaaS) can also help protect your data and your recovery time in the event of attack. Plus, many providers operate more as a partner, giving you access to IT experts 24/7.
It’s no longer enough to hope for the best. Today, manufacturers must plan for the worst. By increasing internal security protocols or considering an external vendors to monitor dangers for them, manufacturers can protect themselves and their customers from the ongoing threat of cyber attacks.
For additional information and resources, such as access to the complimentary Small Business Information Security guide created by NIST/MEP and the ability to watch MAMTC's Cybersecurity - "Keep Your Manufacturing Business Safe" webinar video replay, head to MAMTC's Cybersecurity webpage.