Cybercriminals are becoming more interested in small and medium-sized businesses. Why? They are viewed as vulnerable but still valuable targets. They face ever more sophisticated attacks, resulting in trillions of dollars spent defending themselves. Let’s talk about cybersecurity for SMB manufacturers.
Governments and small businesses believe that they’re protected by anti-virus software. That may be true for many viruses, but cybercriminals are using artificial intelligence to make cyberattacks more effective.
With more people working from home during the COVID pandemic, there are more opportunities to gain access to your systems. It isn’t just information that cybercriminals are after; they are also delivering ransomware into your systems.
The city of Baltimore was the target of a ransomware attack in May 2019. The hackers demanded about $76,000 in the form of bitcoin. Baltimore didn’t pay it, and the attack impacted the city to the tune of $18M. The ransomware is called RobbinHood and was used in Greenville, North Carolina as well.
A 2019 Ponemon Institute report on the “Global state of cybersecurity in small and medium-sized businesses” found that 66% of SMBs experienced a cyberattack and 63% had a data breach. The cost to manage the outcome averaged $1.2M. Ouch.
Many cybersecurity breaches happen because employees inadvertently grant access to your systems. One of the most common Trojan horses is a CAD file shared with outside companies.
Here are some actions you can take to protect your organization:
1. Restrict User Access and Permissions
Only grant access to trusted sources and grant the most restrictive access possible. If employees need access to confidential files, consider granting read-only access.
2. Enforce Domain and Network restrictions
As more machines get connected to the cloud and each other, you will have IT systems and OT systems. OT, or operational technology, systems control the communication between your on-machine sensors, etc.
These provide back doors into your IT systems. The purpose of having IT and OT systems communicate is to increase efficiency and provide real-time performance data. That does not mean that every available computer in your building needs access to the OT systems. It’s great that machines can communicate, but limit who can view the communication.
3. Account for assets connected to the IT systems
The assets that get connected to the IT systems should be accounted for. That includes machine assets, which are also IT assets. It is important to develop a Smart Value Stream® Map to identify systems, software, and protocols across your entire factory.
Understand who is connected to your network from outside your four walls. WFH situations have increased in the past few months. Ensure you account for those assets as well.
4. Conduct User Education
Educate employees on protecting documents that contain intellectual property and sensitive information.
5. Make Security a requirement
When purchasing new equipment, make security a priority. Computers have a short shelf-life. I’ve seen medium-sized companies using laptops and computers over five years old.
One can only imagine the opportunities these old machines present to hackers.
As always, it’s an honor to serve you, and I hope this helps you and your organization get a little better today.