Three-Step Security Battle Plan For Manufacturers

Given all your security priorities, this article boils it down to the key steps that you need to do first in each of the people, process and technology areas.

Nov 29, 2017

Manufacturers are dealing with a number of security concerns related to aging infrastructure, the constant threat of data breaches, lack of formal security policies, and like many other industries, an overworked IT staff.

While tackling all the things you need to do to improve your company’s overall security may seem overwhelming, the good news is there are a number of measures you can take. One of the first steps is assessing where your company stands when it comes to security best practices.

We developed a security grader to help small and mid-sized organizations, including manufacturers, determine the people, processes and technology areas they need to take into account to strengthen their security posture. Given all your security priorities, this article boils it down to the key steps that you need to do first in each of the people, process and technology areas.

Top People Recommendation: Conduct Ongoing Security Education

Humans are the biggest target in a company, but they’re also a source of hope when it comes to your security strategy. Keeping the people side of the security equation strong requires that everyone in your organization have an awareness of security. If employees aren’t educated about what to do and what not to do when it comes to security, they may never know the dangers of using bad passwords, clicking on malicious links, or logging onto unsecured public Wi-Fi networks. Employees should be properly trained on security when they first come on board and should also receive regular training.

Your employee security orientation program should include:

  • An overview of your company’s security policies and processes
  • Demonstrations of security tools they’ll be using, such as two-factor authentication, a virtual private network (VPN), and a password manager
  • A mock scenario demonstrating how to spot common security threats, such as a phishing attack, and how to respond
  • A rundown of the people within the company they can go to when they suspect a potential security issue (e.g. your IT manager or security manager)
  • A quiz to test out their knowledge after the training session

The goal of your ongoing security education should be to develop a curriculum that educates employees about common security threats and that keeps security top of mind by way of regular education and awareness. Some companies offer free and paid for tools and services which can be a great help in educating users. Training can be conducted over brown bag lunches, interactive demonstrations and by regularly testing employees on best practices.

Some training materials to equip your team with include:

  • Role-based guidelines (e.g., what each team needs to know about security)
  • A library of content they can reference (e.g. a Wiki) for various security scenarios, such as phishing detection, using a VPN, or managing passwords
  • A special chat channel (e.g., #security on Slack or a dedicated and monitored email address) for employees to report suspected security issues and ask questions

Top Process Recommendation: Develop an Incident Response Plan

A cybersecurity incident response plan builds on your overall security program by putting in place a set of response tactics and tools to ensure that when an attack does happen, you have the people, processes and technology in place to respond effectively. In the event of an attack, time is of the essence, and being able to respond to both the attack itself and the people impacted are key strategies for mitigating the damage, costs and reputation to your company.

Your cybersecurity incident response plan should include these main components:

  • An IT security business continuity plan that describes how you will access and restore data and systems after a breach
  • A communications plan that helps you talk to faculty, students and parents in the event of a breach
  • Cyber risk insurance and liability language in contracts with outsourced service providers
  • Employee cybersecurity education
  • How to restore files from backup
  • Finding and responding to an attack

Top Technology Recommendation: Arm Yourself with the Latest Tools

Better manage passwords: A password manager can make using long, unique passwords easy and have a number of added benefits. You can sync passwords across your devices, audit your passwords for reuse, and set policies to ensure you are following best practices for password management including not reusing passwords. When using a password manager, we also recommend that you: 1) Use a good master password that you can remember! This password is extremely important because it allows access to all your credentials. 2) Set up two-factor authentication. 3) Configure the password manager to use long phrases.

Turn on two-factor authentication: This is an extra security measure in which you set up another way to log into a device besides entering a password. Typically, a user has to enter a code that the app texts via SMS or the phone app. This makes stealing a user’s password worthless. Cloud-based services like Google’s G Suite and Microsoft’s Office365 support two-factor authentication that is simple to put in place. You just need to make sure you enforce it for all of your employees.

Two-factor authentication helps with both proximity attacks and phishing attacks because it gives users an added layer of protection against being hacked by attackers who have managed to steal their credentials. We find that the majority of phishing victims are reusing the same weak password on multiple sites and do not have any additional authentication method.

Invest in anti-malware protection: Antivirus and firewalls are the backbone of any technical security program, but they shouldn’t be your only solution. Most antivirus and firewalls aren't built to identify the latest attacks-let alone capture or eradicate the threats once they get in. The right anti-malware protection can help defend against attacks that are delivered via the web and email, block outbound connections from inside your organization to stop an attacker from completing his mission and even offer user education on-demand.

A mix of employee education and preparedness, proper and effective procedures, and modern technologies are required to protect your organization against today’s threats and ensure your security posture is as locked down as it should be.

Todd O’Boyle is the CTO and co-founder of Strongarm.

Latest in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
April 17, 2024
Financial Cyber
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
April 19, 2024
Industrial Cyber
Hexagon, Dragos Announce Partnership
April 18, 2024
Ransomware
Report Shows Updated Ransomware Concerns
April 18, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
Manufacturing Business Management
Sponsor Content
Manufacturing Business Management
More in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
Acumatica looks to offer new solutions.
April 17, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Ldra
Cybersecurity
Platform Offers Actionable Security Analysis & Reporting
New vulnerability heat maps help remediate critical issues sooner.
April 10, 2024
Zero Trust Maxxa Satori
Cybersecurity
Research Shows Increased Zero Trust Adoption In Industrial Sectors
The strategy is being implemented across IT and OT environments.
April 10, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Cybersecurity
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
The safeguard minimizes the risk a harvest will be interrupted by cyber threats.
April 5, 2024
People Cyber Metamorworks
Cybersecurity
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024