Cybersecurity Starts with Your Employees
Small and medium-sized manufacturers (SMMs) are at particular risk of cybersecurity incidents. Cybersecurity works best when it’s built into a system. When all levels and aspects of an enterprise are cybersecurity enabled, it’s much more resistant to penetration. At the most fundamental level, employees put policies and procedures into action. Making sure employees are well-trained in electronic security and informed of all company policies and procedures concerning cybersecurity is a great place to start.
All manufacturers need an Incident Response Plan (IRP). An IRP contains written procedures for detection, response, and damage mitigation steps to deal with a cybersecurity incident. Getting the IRP ready requires a 4-step process to be integrated into the plan.
- Preparation. It’s a fundamental axiom that preventing a problem is superior to any amount of mitigation. Make sure you’ve got the key people to identify in the event of an incident identified. They must be fully aware of how to carry out their roles during a cybersecurity incident. Maintain lists, descriptions, contact information or identification data on all vital assets –people, technology, processes, and operations.
- Detection and Analysis. Anti-virus, firewall, anti-spyware and a full array of anti-penetration software must be kept updated. All employees must be educated about how bad actors can gain access to the network through social hacking and social engineering. Keep logs of all computers and users, including automated logs generated by each workstation.
- Containment. At least one person on-site will always need the authority to respond rapidly to all incidents. You must have a containment team made up of the key people noted above with their contact information available to your point-person. Authority levels need to be established for such wide-ranging actions as taking your network offline while determining the nature of the attack.
- Eradication and Recovery. After removing the cause and restoring files or systems to normal operation, report the incident to proper authorities if you’re mandated to do so. Contact clients and let them know you’re back online.
Cybersecurity works when all employees know what to expect, who to contact, and what to do. It’s crucial that all employees be aware of the IRP and their role in it. It must be updated regularly, at least quarterly. With these steps in place, you’ll be ready to thwart cyberattacks.