The word “cybersecurity” can be intimidating, but efficiently managing risks to your data, information, and technology assets is a foundational aspect of effectively operating a business. Many businesses only begin to look at cybersecurity and privacy when it is required by a customer or they experience an incident such as a data breach or ransomware attack. Don’t wait until it’s too late! The sooner you start managing these risks, the better able you will be to cost-effectively adapt and comply with customer or industry requirements and respond if an incident does happen.
Small and medium-sized manufacturers (SMMs) are especially vulnerable to a cybersecurity event: they often are less prepared for an event, have valuable information that is not well protected, are willing to pay ransoms in order to avoid costly disruptions, and act as entry points to other valuable targets. But because SMMs often have less complex operational needs and IT/OT infrastructures, they may be able to quickly take some basic steps to defend their information and systems. View and download the manufacturer’s guide to cybersecurity for small and medium-sized manufacturers for some easy steps any manufacturer should be able to implement to quickly and cost-effectively address cybersecurity risk.
This guide is based on guidance in the Cybersecurity Framework and generally accepted cyber hygiene best practices. It is broken down into five steps: Identify, Protect, Detect, Respond, and Monitor. It also has some basic practices you and your employees can take immediately to protect your data and information.
If your company collects and processes data on humans, such as for product testing or quality control purposes, you should understand the privacy implications related to how that data is processed and used. Similar to the Cybersecurity Framework, the Privacy Framework also has five steps: Identify, Govern, Control, Communicate, and Protect. Check out this quick start guide to better understand how to identify and manage privacy risks.
As the manufacturing industry becomes more digitized, it is an increasingly popular target for cybercriminals. View this interactive infographic to explore potential vulnerabilities on your factory floor and review simple, actionable guidelines to help mitigate risks.
Most manufacturers are required to follow some Cybersecurity and Privacy standards, laws, regulations, or requirements. These may come from Federal, State, Local, or Tribal Governments, be industry-mandated, or voluntary. If your company sells products to the U.S. government, you may be required to comply with the minimum cybersecurity standards set by FAR and DFARS. Learn more about complying with Cybersecurity and Privacy Laws and Regulations.
For additional information on cybersecurity, please contact your local MEP Center or email NIST MEP at mepcyber@nist.gov.