Is cybersecurity something you need to worry about as a small manufacturer? In 2011 50 percent of small businesses thought they were too small to be a hacker target, while the Verizon 2013 Data Breach Investigations Report found that 62 percent of breaches impacted smaller organizations. In 2011 the average cost to a small or medium-sized business from a cyber-attack was over $188,000.
What can be done to try and limit such attacks?
Jim Watson, President of California Manufacturing Technology Consulting, Inc., (CMTC), the MEP Center serving southern California suggests several tips:
- Limit use and distribution of personal credit cards as payment method for company expenditures
- Train employees on security principles and practices and limit employee access to data and information
- Find and Install the most recent security software and make sure it is updated and current
- Secure wi-fi networks, password protect access to routers and change ALL passwords quarterly
- Install security apps on business cell phones
There are several web resources available that can help small businesses understand the cybersecurity environment and develop risk-management strategies. Five of those include:
The FCC Small Biz Cyber Planner 2.0 helps companies develop a custom cybersecurity plan via an on-line guidance. The custom guide, while not a substitute for consulting with trained security professionals can help benchmark current practices.
Another valuable web site by the FCC includes additional tips for a small business dealing with cybersecurity as well as references to select articles and other web sites with important information . Of particular note are 10 Cyber Security Tips for Small Businesses along with potential solution providers to consider.
StaySafeOnline.org by the National Cyber Security Alliance has current information on trending topics and how to stay safe on-line. It offers opportunities to get involved in the cybersecurity community and has tips on teaching online safety.
Each year Verizon publishes a comprehensive Data Breach Report, the 2014 issue, includes a special report about manufacturing. These reports describe the types of attacks, the way companies find out they’ve been attacked and what most attackers seem to be after. For instance Cyber-espionage attacks counted for 30 percent of all incidences in manufacturing, the other top three attacks were Denial of Service and Web App attacks.
Finally NIST has several tools and workshops to help companies better understand and respond to cybersecurity issues such as the Cybersecurity Framework within the Computer Security Division Computer Security Resource Center. Planning is underway for a series of small business workshops to help owners and managers understand better risk management strategies.
While the Internet provides significant business advantages and opportunities to all companies of all sizes, every business should think about incorporating practices and tools to guard against cyber-attacks and significant losses.
Written by: Tab Wilkins for NIST-MEP's Manufacturing Innovation Blog