Dealing with Cyber Attacks–Steps You Need to Know

This article originally appeared on advancedmanufacturing.org. Guest blog post by Elliot Forsyth, Vice President of Business Operations at the Michigan Manufacturing Technology Center, part of the MEP National Network^TM.

Any business owner knows that information is a vital part of running a company. As manufacturing increasingly becomes more digitized, cybersecurity must become a standard component of doing business. If sensitive information—such as employee records, customer transactions or proprietary data—is comprised, it can have a devastating effect.

That’s why more and more manufacturers are taking steps to protect their information via good information security practices.

While cybersecurity may seem like a daunting issue for small and medium-sized manufacturers (SMMs)—either because of costs or limited technical knowledge—it’s essential that everyone in the supply chain begins to develop practices to protect their—and their customers’—digital property.

According to the U.S. Department of Homeland Security, the manufacturing industry is the second most targeted industry when you look at the number of reported cyber attacks. Why?

Cyber criminals view SMMs as prime targets precisely because many of these companies do not have adequate preventative measures in place. This makes SMMs incredibly vulnerable, which could result in:

• Loss of information critical to running the business
• Decreased productivity
• Damage to information or information systems
• Regulatory fines and penalties / legal fees
• An adverse reputation or loss of trust from customers
• Damage to credit and inability to get loans from banks
• Loss of income

The median cost of a data breach is $60,000, according to the 2016 NetDiligence Cyber Claims Study. After a data breach, companies face not only lost business, but they must regain their customers’ trust, which can often be a time-consuming and expensive endeavor.

So what is a smaller manufacturer to do? Fortunately, the National Institute of Standards and Technology (NIST) has developed a practical framework for cybersecurity that can be implemented by businesses of any size. Available online, it can be further explained by local representatives of the MEP National Network, the go-to experts for advancing US manufacturing, who can also help with the implementation of cybersecurity best practices for the near and long-term.

The 5-Step Cybersecurity Framework for Manufacturers

While the NIST Cybersecurity Framework is a comprehensive set of guidelines for companies that want to get a better handle on cybersecurity to reduce and manage risk, it includes a series of simple, low-cost steps that have been tailored to meet the needs of all companies, including SMMs.

For a complete walkthrough, see pages 15–27 of the publication “Small Business Information Security: The Fundamentals”. Here though, is a quick overview of the five steps a manufacturer can take to handle cybersecurity risks.

Five steps any manufacturer can take to handle cybersecurity risks, per the NIST cybersecurity framework.

1. Identify: The first step in a deliberate cybersecurity strategy is to understand your resources and risks.

• Identify and control who has access to your business information

• Conduct background checks
• Require individual user accounts for each employee
• Create policies and procedures for cybersecurity

2. Protect: If you experience a cyber-attack, you need to be prepared to resist.

• Limit employee access to data and information
• Install surge protectors and Uninterruptible Power Supplies (UPS)
• Patch your operating systems and applications routinely
• Install and activate software and hardware firewalls on all your business networks
• Secure your wireless access point and networks
• Set up web and email filters
• Use encryption for sensitive business information
• Dispose of old computers and media safely
• Train your employees

3. Detect: If an attack occurs, you’ll want mechanisms in place that will alert you as quickly as possible.

• Install and update anti-virus, anti-spyware and other anti-malware programs
• Maintain and monitor logs

4. Respond: If a cybersecurity breach happens, you’ll want to contain and reduce any damage.

• Develop a plan for disasters and information security incidents

5. Recover: After a cybersecurity breach, you’ll need mechanisms in place to help resume normal operations.

• Make full backups of important business data and information
• Continue to schedule incremental backups
• Consider cyber insurance
• Make improvements to processes/procedures/technologies

How Does Your Cybersecurity Hold Up?

For most SMMs, the security of their information, systems, and networks is not the highest priority given everything else they’re faced with. But an information security or cybersecurity incident can be detrimental—or even catastrophic—to their business, customers, partners and suppliers. It’s important that manufacturers understand and manage cyber risks by establishing a cybersecurity program to protect their assets.

If you would like to better understand your current cybersecurity risk, you can use the MEP National Network Cybersecurity Self-Assessment Tool, or connect with your local MEP Center by calling 800-MEP-4MFG.