You’ve already installed antivirus software, so your operations are now protected, right? Don’t be lulled into a false sense of cybersecurity. If you haven’t implemented the first cybercrime prevention steps to protect your Operational Technology (OT), your networked equipment may be vulnerable to an attack.
Manufacturers are increasingly becoming a target for cyberattacks. In 2018, for example, one manufacturer in Southwestern Ohio suffered a significant financial loss as the result of an email phishing campaign. The company had to reduce their workforce by 20% and the attack continues to affect the way the company does business today.
Your First Line of Defense: Your People
Just throwing money at malware protection software is like locking your home’s front door and windows while leaving the back door wide open. You have to do more, but where should you start? According to the information security guidelines for small businesses from the National Institute of Standards & Technology, educating your employees is critical to cybercrime prevention.
Train your people to limit personal use of company computers, machines, and mobile devices. If your online catalog goes down for a length of time, this could indicate a cyberattack. Do your employees know checking work emails at home could expose confidential customer information? Empower your people.
Step 1: Control Access
Who has the passwords to your systems? Who should have access? Keep a list and vet it regularly. Never allow unauthorized persons (e.g., cleaning crew, maintenance personnel) to have unsupervised access to your networked machines or computers. Take advantage of privacy screens that lock devices if they go unused for a specified period of time.
Set up separate accounts for all system users with strong, unique passwords, including any subcontractors. Your employees should only have the administrative privileges needed for specific work functions.
Invest in background searches of prospective employees, including criminal offenses and credit checks. Verify references to determine if the applicant has provided truthful information. Honest employees are critical to cybercrime prevention.
Develop and implement cybersecurity policies with your HR professionals. Ensure that all employees understand the significance of cybersecurity and how they are responsible helping the organization stay secure. Keep a signed acknowledgement of these policies in every employee’s HR file.
Step 2: Safeguard Your Information
As previously mentioned, only allow employees to access to the systems they need to do their jobs. Additionally, just install software applications that you need to run your business and patch/update them regularly. Use checks and balances so a single employee, manager, or executive is not approving transactions.
If an employee leaves your business, ensure all system access is terminated immediately. You may need to collect the company ID, delete user accounts/passwords, change group passwords, and/or collect entry keys.
Note that firewalls, antivirus software and malware programs are useful blockers against cyberattacks, but only if your people remember the passwords! Secure your passwords/keys separately from your backed-up information. Train your people to log activity from any anti-spyware programs to detect any threats.
When it’s time to retire your old computers and machines, be sure to wipe the hard drives and have the machines destroyed, along with any CDs, USB drives, etc.
Step 3: Create a Response & Recovery Plan
When it comes to cybercrime prevention, your disaster plan is vital. If there’s a fire, burglary, or natural disaster, do your employees know their roles and responsibilities? Determine who will initiate your response plan and who will lock down or shut down systems and back up or move critical information. Create a hierarchical list of managers, contractors, insurers, etc., to contact in the event of an emergency.
Regularly backing up data such as HR files, customer accounts, and systems logs can help cover your bases in case of a fire or other disaster. Conduct backups weekly and store this information on USB drives or external hard drives that can be removed, and, if possible, via separate online or “cloud” service providers.
Your Best Defense in Cybercrime Prevention? Ask the Expert
With employee training, you’ve taken the first step in cybercrime prevention. Remember with an increasingly mobile workforce, threats arise from both personal and business devices to both your Information and Operational Technology. If you can use your laptop, phone, or tablet to access your shop floor systems at home (including machine monitoiring), cybercriminals can target your connected equipment on the manufacturing floor.
Clearly these first steps lead to a lot of subsequent questions about cybercrime prevention, which means it’s time to think about the bigger cybersecurity picture.
Why not ask the experts? TechSolve has established a reputation as the go-to source for cybercrime prevention with over 15 years of connected manufacturing experience and a deep understanding of cybersecurity risks.
Contact TechSolve today for a consultation with one of the industry’s leading experts in cybersecurity. He’s a Certified Ethical Hacker who has first-hand knowledge of the most common threats, including Operational Technology vulnerabilities specific to today’s manufactures.
