Cybersecurity is often overlooked in many industry settings. Not entirely, but it doesn’t get the attention or budgeting that new equipment, cobots, and other tools get. They are easier to justify by improved throughput, increased efficiencies, etc. Cybersecurity doesn’t add directly to the bottom line, yet if you are the recipient of a cyberattack that stops equipment or causes harm to employees, that is bad. Very bad. Here are four ways to improve cybersecurity in manufacturing companies.
1. Take Inventory
Before you increase your cybersecurity efforts, it’s important to understand what you have. Take an inventory of your systems. Use our Smart Value Stream™ method to help. Develop network maps and understand the critical systems that could bring your equipment to a halt if attacked.
Develop a disaster recovery plan if a cyberattack leaves you shut down. Remember the best time to have a map is before you go for a walk in the woods. Include the actions that happen if your systems are left inoperable.
2. Separate OT from IT
There are two types of systems in many large industrial organizations. The IT systems- your ERP system, accounting software, CRM, Microsoft office suite, etc. These you probably use every day.
The OT systems or Operational Technology systems control your equipment. These are the PLC’s, sensors, controllers, drives, etc. that control the shop floor equipment. Given the upcoming 5G speeds, this equipment will become more connected and share more information than ever before.
While you can purchase expensive monitoring equipment, a less expensive solution is to separate the OT systems from the IT systems. Make sure the only employees with access are your system administrators. Don’t allow everyone in the company to have access to your OT.
3. Set supply chain expectations
Make sure you set security expectations for your supply chain. A common way for sophisticated hackers to gain entry into a company’s network is to work upstream from their suppliers.
Establish the expectations with your suppliers. I work with many machine shops that supply parts to companies like Lockheed or Space X. These large primes won’t allow them to use cloud storage as an example for security reasons. Set your expectations with suppliers and audit them for compliance.
4. Include humans
Given technical people will be in charge, the natural tendency will be to develop technical solutions. That will help, but most breaches occur because of sloppy password protections. Your employees will have the biggest impact on improving cybersecurity.
Phishing, downloading suspect software, granting access, and sending simple items like cad drawings can provide access to your systems. Ensure your company provides extensive cybersecurity training and repeat it often. We all get distracted watching those cat videos and don’t pay attention to the training. If it feels like you are conducting the training too often, that is probably the right frequency.
If you follow these four tips they will improve cybersecurity!
As always, it’s an honor to serve you, and I hope this helps you and your organization get a little better today.
Follow me on Twitter
Join me on LinkedIn
Listen to the podcast here