Cybersecurity Starts with Your Employees
Small and medium-sized manufacturers (SMMs) are at particular risk of cybersecurity incidents. Cybersecurity works best when it’s built into a system. When all levels and aspects of an enterprise are cybersecurity enabled, it’s much more resistant to penetration. At the most fundamental level, employees put policies and procedures into action. Making sure employees are well-trained in electronic security and informed of all company policies and procedures concerning cybersecurity is a great place to start.
All manufacturers need an Incident Response Plan (IRP). An IRP contains written procedures for detection, response, and damage mitigation steps to deal with a cybersecurity incident. Getting the IRP ready requires a 4-step process to be integrated into the plan. More about this topic...
Three Part Blog
Part 3: Security and Employee use of the Internet
Internet Security has become an umbrella term covering everything from identity theft to virus protection to using firewalls to keep outsiders out (except when you want them in). This article focuses on intentional as well as the inadvertent insider threat and address security concerns managers must understand when employees use company resources to access the Internet.
One of Pearl Software’s quickest success stories was a customer who kept losing competitive bids for contracts based on price. Fearing an inside leak, the customer installed our Employee Internet Management software and quickly discovered that one of his employees was being compensated for emailing confidential bid details to a major competitor. Another of our customers, a large hospital, was inundated with viruses – the digital sort. Computer viruses were frequently plaguing its systems, rendering them useless at times. Antivirus and antispyware software tools would successfully clean up defiled systems, but only after they wreaked havoc for users and the IT staff. The hospital installed Internet monitoring software in order to identify usage patterns and determine and block likely Web sites and users that were the root cause of their issues. The hospital’s primary concern was that an employee could inadvertently download a trojan, making an infected computer a gateway to external hackers and providing unauthorized access to patient information. More about this topic...
Commonly known as cyber-attacks, data breaches, or cybercrimes, data theft (whether it is internally or externally driven) can bankrupt the average business. During the fallout of a data breach, businesses can lose proprietary data that form the core of their capital-generating strategies. The aftermath of this can result in massive lawsuits. As these incidents increase, businesses are asking how much a cyber incident could cost them.
The U.S. government collects information on cybercrime and cyber espionage through various means. Yet, it is still difficult to accurately assess the cost of cybercrime for the average business because of varying business landscapes and the diversity of cybercrime attack methods. In addition, businesses are often reluctant to report these incidents due to the potentially devastating fallout or further exposing vulnerabilities that subsequent cybercrime provocateurs could exploit.
Many reputable cybercrime surveys peg the average business’s annual losses at anywhere from $1 million to more than $3 million. This falls in line with PriceWaterhouseCoopers (PwC) 2014 Global Economic Crime Survey, which found that 7 percent of U.S. organizations lost $1 million or more due to cybercrime incidents in 2013. The survey went on to show that 19 percent of U.S. entities reported financial losses of $50,000 to $1 million, compared with 8 percent of worldwide respondents. More about this topic...