Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Dealing with Cyber Attacks–Steps You Need to Know

Dealing with Cyber Attacks–Steps You Need to Know

Photo Credit: iStock.com/solarseven

This article originally appeared on advancedmanufacturing.org. Guest blog post by Elliot Forsyth, Vice President of Business Operations at the Michigan Manufacturing Technology Center, part of the MEP National NetworkTM.

 

Any business owner knows that information is a vital part of running a company. As manufacturing increasingly becomes more digitized, cybersecurity must become a standard component of doing business. If sensitive information—such as employee records, customer transactions or proprietary data—is comprised, it can have a devastating effect.

That’s why more and more manufacturers are taking steps to protect their information via good information security practices.

While cybersecurity may seem like a daunting issue for small and medium-sized manufacturers (SMMs)—either because of costs or limited technical knowledge—it’s essential that everyone in the supply chain begins to develop practices to protect their—and their customers’—digital property.

According to the U.S. Department of Homeland Security, the manufacturing industry is the second most targeted industry when you look at the number of reported cyber attacks. Why?

Cyber criminals view SMMs as prime targets precisely because many of these companies do not have adequate preventative measures in place. This makes SMMs incredibly vulnerable, which could result in:

  • Loss of information critical to running the business
  • Decreased productivity
  • Damage to information or information systems
  • Regulatory fines and penalties / legal fees
  • An adverse reputation or loss of trust from customers
  • Damage to credit and inability to get loans from banks
  • Loss of income

The median cost of a data breach is $60,000, according to the 2016 NetDiligence Cyber Claims Study. After a data breach, companies face not only lost business, but they must regain their customers’ trust, which can often be a time-consuming and expensive endeavor.

So what is a smaller manufacturer to do? Fortunately, the National Institute of Standards and Technology (NIST) has developed a practical framework for cybersecurity that can be implemented by businesses of any size. Available online, it can be further explained by local representatives of the MEP National Network, the go-to experts for advancing US manufacturing, who can also help with the implementation of cybersecurity best practices for the near and long-term.

The 5-Step Cybersecurity Framework for Manufacturers

While the NIST Cybersecurity Framework is a comprehensive set of guidelines for companies that want to get a better handle on cybersecurity to reduce and manage risk, it includes a series of simple, low-cost steps that have been tailored to meet the needs of all companies, including SMMs.

For a complete walkthrough, see pages 15–27 of the publication “Small Business Information Security: The Fundamentals”. Here though, is a quick overview of the five steps a manufacturer can take to handle cybersecurity risks.

cybersecurity steps

Five steps any manufacturer can take to handle cybersecurity risks, per the NIST cybersecurity framework.

 

1. Identify: The first step in a deliberate cybersecurity strategy is to understand your resources and risks.
  • Identify and control who has access to your business information

  • Conduct background checks
  • Require individual user accounts for each employee
  • Create policies and procedures for cybersecurity
2. Protect: If you experience a cyber-attack, you need to be prepared to resist.
  • Limit employee access to data and information
  • Install surge protectors and Uninterruptible Power Supplies (UPS)
  • Patch your operating systems and applications routinely
  • Install and activate software and hardware firewalls on all your business networks
  • Secure your wireless access point and networks
  • Set up web and email filters
  • Use encryption for sensitive business information
  • Dispose of old computers and media safely
  • Train your employees
3. Detect: If an attack occurs, you’ll want mechanisms in place that will alert you as quickly as possible.
  • Install and update anti-virus, anti-spyware and other anti-malware programs
  • Maintain and monitor logs
4. Respond: If a cybersecurity breach happens, you’ll want to contain and reduce any damage.
  • Develop a plan for disasters and information security incidents
5. Recover: After a cybersecurity breach, you’ll need mechanisms in place to help resume normal operations.
  • Make full backups of important business data and information
  • Continue to schedule incremental backups
  • Consider cyber insurance
  • Make improvements to processes/procedures/technologies

How Does Your Cybersecurity Hold Up?

For most SMMs, the security of their information, systems, and networks is not the highest priority given everything else they’re faced with. But an information security or cybersecurity incident can be detrimental—or even catastrophic—to their business, customers, partners and suppliers. It’s important that manufacturers understand and manage cyber risks by establishing a cybersecurity program to protect their assets.

If you would like to better understand your current cybersecurity risk, you can use the MEP National Network Cybersecurity Self-Assessment Tool, or connect with your local MEP Center by calling 800-MEP-4MFG.

About the author

Elliot Forsyth

Elliot Forsyth is Vice President of Business Operations at the Michigan Manufacturing Technology Center (The Center). He joined the organization in July 2014 and is responsible for leading strategy, marketing, and business development, including the formation and implementation of The Center's cybersecurity practice area. Prior to joining The Center, Elliot had more than 20 years of broad, global business experience with an outstanding record of leading Operations, Strategy, and HR functions.

Related posts

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.