5 Steps Manufacturers Can Take for Cybersecurity

How do shop employees log on to computers? Do people share login credentials? Are there machines connected to the computer workstations that have internet accessibility? These are a few questions that can help manufacturers become more cybersecure. Photo Credit: thisisengineering

Chances are, we can all think of a small business who has suffered the consequences of a cybersecurity attack. Statistics are varied but sobering when it comes to the likelihood that a business will be compromised at some point.

Many small businesses brush off the need for investment into cybersecurity protection. Why spend exorbitant amounts of money on something that isn’t revenue-generating, especially when it is an aspect of business operations most manufacturers are so unfamiliar with? Most shop owners know speeds and feeds, not whitelisting and blacklisting.

Then, there are the businesses who are hearing frequent chatter about cybersecurity compliance requirements related to government contracts, such as NIST 800-171 and CMMC.

Regardless of industry specialization or contract requirement, all businesses need cybersecurity protection. Here are five very basic practices any small business can implement today with minimal financial investment:

1. Identify the What and Who

Locks on the doors and a working alarm system are physical security requirements put in place to deter crime. Now, it’s time to protect the next layer of infrastructure.

Good idea: Maintain a log at the front desk for visitors. Take a piece of paper and pen, and walk around the shop. What connects to the internet? Who has access to these computers?

Better idea: Determine how authorized personnel enter the shop. Do they use a card or keyfob? How do employees log on to computers? Do people share login credentials? Are there machines connected to the computer workstations that have internet accessibility?

ISO9001 or AS9100 shops should consider their quality management systems: Requirements exist for traceability and accountability. Treat inventory and access control the same way. How involved these lists are may be driven by the complexity — or simplicity — of the shop size and existing use of technology.

2. Implement Employee Training

The human factor is always present. A shop’s employees are its first line of defense.

Good idea: Train employees for cybersecurity. They should learn to identify phishing emails and watch for people impersonating managers over email, text or phone.

Better idea: Make this training ongoing. There are plenty of companies that offer regular training to help employees identify network compromises, phishing emails and insider threats. These same companies can also help employees learn to navigate the internet safely and become more reliable gatekeepers of company data.

3. Planning for the “What-If?”

It’s not “if,” it’s “when.” How are you preparing? Most shops have plans in place for when a part is scrapped in-house. Shops must also have a plan to prevent being a target and a plan for what to do when the bad guys find you.

Good idea: Use multi-factor authentication (MFA). Microsoft suggests that over 99% of email compromises could have been prevented by simply using MFA. With a statistic like that, why would we not use MFA? Implementing MFA and ensuring there is malware protection on computer workstations is a good start to protecting your data.

Better idea: Come up with an emergency plan, also known as an incident response plan. An employee just accidentally clicked on an emailed link and now all the data is encrypted on the server. What’s company protocol? What are the right next steps?

There are lots of options to backup data. Depending on industry, the type of data and the amount of data that requires backup, some backup services are more expensive than others, but you know what’s really expensive? Going out of business.

4. Find Someone to Trust

How can manufacturers tell what services to use for employee training, antivirus protection or data backup when their specialty is manufacturing? Customers hire shops because they know how to make quality parts, on time — not because they know what registry keys are.

Good idea: Tap into industry associations. Reach out and ask for recommendations from peers.

Better idea: Once those peer recommendations come in, connect with these network and cybersecurity professionals on LinkedIn. Schedule a phone call, read what they post and interact in conversations.

5. Put it on the Calendar

It can be daunting to put yet something else on the shop’s to-do list, but cybersecurity is not a slow cooker: You don’t “set it and forget it.”

Good idea: Regularly update shop software and patch — this is not just important following a global breach or announcement of some major company’s hack. Consider cybersecurity insurance each year, including coverage for if a supplier is compromised, which can affect a shop’s ability to get product out the door.

Better idea: Just like in ISO9001 and AS9100, create policies and procedures that outline how cybersecurity is handled at your company: From the steps to take when a new user is onboarded to incident response and everything in between. Review these policies annually.

For some businesses, this short list may seem like an oversimplification of industry requirements. But for those that feel overwhelmed and behind the curve, remember: Every small step toward the “good” gets you closer to “better.”

Like anything in business, it’s all about risk management. We know the risks. How are we going to mitigate them?

About the Author

Allison Giddens

Allison Giddens is president at Win-Tech Inc. and a perpetual learner, with degrees and certifications in Psychology, Criminal Justice, Manufacturing Engineering, Conflict Management, Event Planning, Cybersecurity Risk Management and Comedy Linguistics. She serves on the local Women in Manufacturing Georgia Board of Directors as Treasurer, NTMA’s Audit Team, the CMMC-AB Industry Advisory Group and ND-ISAC Small Business Working Group as a co-lead.