Industryweek 35572 Nst Industryweek 1540x800 080519

How to Protect Your Business from Cyber Attacks

Aug. 5, 2019
This article is the second installment in a five-part series outlining best practices when it comes to "Cybersecurity for Manufacturers." These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.

In part one of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we covered how to spot infrastructure weaknesses that open the doors to cyber attacks. Mitigating these threats takes more than a single anti-virus upgrade; it requires ongoing vigilance. But protecting your systems doesn’t have to be complicated. Here’s how to begin.

Limit Access to Your User Data & Information

Limiting access to your valuable user data reduces the chance for human error, which is the number-one information security threat. If an employee leaves your company, or transfers to a different company location, take protective action immediately, including deleting passwords and accounts from all systems and collecting company ID badges and entry keys.

An ounce of access prevention can equal a pound of protection when it comes to limiting the impact of a disgruntled ex-employee.

Install Surge Protectors & Uninterruptible Power Supplies

Uninterruptible power supplies (UPS) can give you enough battery life and time to save your data in the event of a power disruption. Check to ensure the UPS type and size meets your standards and requirements. 

Every computer and networked device should be plugged into a UPS. For less-sensitive electronics and non-networked equipment, standard surge protectors should suffice. Be sure to test and replace each UPS and surge protector as recommended by the manufacturer.

Patch Your Operating Systems & Software Regularly

Every new app can open the door to a cyber attack if you don’t regularly patch and update all software on every device used by your employees.

Always check for updates when purchasing a new computer or installing a new software system. Be aware that software vendors are not required to provide security updates for unsupported products. For example, Microsoft® will stop supporting Windows 7 in January of 2020, so if you haven’t upgraded yet, now’s the time.

Don’t delay downloading operating system updates. Updates often include new or enhanced security features.

Install & Activate Software and Hardware Firewalls

Firewalls can thwart malicious hackers and stop employees from browsing inappropriate websites. Install and update firewall systems on every employee computer, smartphone, and networked device.

Include off-site employees, even if you use a cloud service provider (CSP) or a virtual private network (VPN). You may also want to install an intrusion detection/prevention system (IDPS) to provide a greater level of protection.

Secure All Wireless Access Points & Networks

For secure wireless networking, use these router best practices:

  • Change the new device administrative password
  • Set the wireless access point so that it does not broadcast its service set identifier (SSID)
  • Set your router to use WiFi Protected Access 2 (WPA-2), with the Advanced Encryption Standard (AES) for encryption
  • Avoid using WEP (Wired-Equivalent Privacy).

For guest WiFi access, use a separate network from your business account.

Set up Web & Email Filters

Use email and web browser filters to deter hackers and prevent spam from clogging employee inboxes. You can also download “blacklist” services to block users from browsing risky websites that pose malware risks.

Caution your employees against visiting sites that are frequently associated with cybersecurity threats, such as pornographic websites or social media. This may seem like a no-brainer; but it only takes one employee to visit the wrong website to inadvertently download malware.

Use Encryption for Sensitive Business Information

Use full-disk encryption to protect all your computers, tablets, and smartphones. Save a copy of your encryption password or key in a secure location separate from your stored backups.

Email recipients typically need the same encryption capability in order to decrypt. Never send the password or key in the same email as the encrypted document. Give it to them via phone or some other method.

Dispose of Old Computers & Media Safely

Before donating or trashing old computers, you need to wipe all valuable hard drive information. Delete any sensitive business or personal data on old CDs, flash drives, or other old media. Then destroy these items or take them to a company that will shred them for you. Destroy sensitive paper information with a crosscut shredder or an incinerator.

Train Your Employees

Cyber-vigilant employees are your best protection against information security threats.

Every employee should know:

  • What business and personal use is permitted for emails
  • How to treat business information at the office or at home
  • What to do if a cybersecurity incident occurs

Train every new employee to protect valuable data and have them sign your information policy. Use newsletters and/or ongoing training to reinforce your culture of cybersecurity.

Now that we’ve covered the key steps to protect your valuable data and information, we’ll show you how to install mechanisms for detecting and recognizing a cyber attack in part three of our series on “Cybersecurity for Manufacturers” from the MEP National Network.

For more advice on cybersecurity best practices for manufacturers, contact the cybersecurity experts at your local MEP Center.

Traci Spencer

Traci Spencer is the Grant Program Manager for TechSolve, Inc., the southwest regional partner of the Ohio MEP. A member of the MEP National Network Cybersecurity Working Group, she recently completed the management of a two-year program that raised awareness and assisted small and medium-sized companies with the integration of Industry 4.0 technologies including cybersecurity, robotics and automation, additive manufacturing, big data/cloud computing, and modeling and simulation.

Popular Sponsored Recommendations

Getting the Most From Integrated Business Planning: A Collection

Feb. 22, 2024
Through this series of articles, you’ll get a definitive look at the power of IBP and how to leverage that power.

Beat the odds. Optimize product costs. Mitigate supply chain issues.

Sept. 12, 2023
Leverage fact-based supplier negotiations. Enhance design. Get to market faster. Our comprehensive Should Cost Analysis guide shows you how.

How to Build a Predictive Maintenance Program: Lessons Learned from LSB Industries’ Success

Dec. 21, 2023
Register today and join this webinar to gain insight on best practices for setting up a predictive maintenance program from industry experts.

Why Cybersecurity Maturity Model Certification (CMMC) is so important.

Dec. 14, 2022
Defense contractors face the very real threat of losing business if they are noncompliant with the Cybersecurity Maturity Model Certification (CMMC) standard. But what is it exactly...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!