Four Steps to Preventing Cyber Security Threats in your Manufacturing Business
Over the last ten years, Cyber Security threats have increasingly become a major problem for all organisations. Rather worryingly, the manufacturing sector is now reported to one of the most frequently hacked industries, second only to healthcare. i
Whilst some businesses plan to make a significant investment into cyber defences (totalling $1 Trillion globally over the next five years) it seems the manufacturing sector is lagging behind. A recent study held by Cisco revealed that 40 percent of manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53. ii
With manufacturers increasingly using cloud, data analytics and mobile to improve their connectivity and infrastructure, this gives them greater level of exposure to attack. Cyber-attacks can be costly both financially and in terms of business reputation and legal standing.
Awareness and preparation are key to looking out for security threats and preventing them from materialising into a genuine threat. So what are the main things for you to look out for?
Phishing is on the Rise
One of the main cybersecurity threats on the increase is phishing or spear phishing. This involves creating emails to appear as if they’re from a trusted source (like a colleague, boss or client) that contain a link which the recipient is encouraged to click on. This allows the cybercriminals to gain access to the network and encrypt data until the business pays a ransom to “unlock” their files and data. To prevent this, and other malware attacks, employees should be made aware of the risks, shown how to spot phishing emails and encouraged to ask questions before opening any links they are not expecting to receive. At the same time, regular backups should be taken so that data is recoverable, even if it is compromised.
Internal Sabotage and Data Access
Manufacturers are not only at risk from external threats, but there is a chance that internal employees could also pose their own cybersecurity risks. Disgruntled employees or past employees who are able to access highly confidential information have the potential to cause real damage to your business. It is important to keep track of employee access; removing accounts and users once people leave, and implementing restrictions at different levels to limit the volume of confidential data that employees have access to, so that it is only those who are required to view specific information that can see it.
BYOD device and remote working threats
The chances are that many of your employees are not going to set out to sabotage your business and compromise data security maliciously; however, there are ways that employees also increase cybersecurity threats without realising. The most common of these threats is from Bring Your Own Device (BYOD) schemes which allow employees to work on-site and remotely using their own devices. This means that data can then be accessed from anywhere, and the data on the devices can be put at risk when the user is connected to an unsecured network. To prevent data being compromised, you should ensure that passwords and access are restricted to allow only necessary access and that remote access is through a secure VPN – which is essential if employees are working on a public WiFi network.
Prevention through Education
There are many cyber threats that manufacturers face every day, but it is not impossible to reduce the risk of you falling victim to these attacks. Educating your users and delivering cybersecurity training is central to ensuring that they don’t make themselves a target.
If you’d like some help training your users on cyber security, give Systems Assurance a call today on 0114 292 2911 to discuss our training sessions.