Intelligence agencies, security firms, and tech titans are ringing alarm bells over the growing threat from cybercriminals in the midst of the global COVID-19 pandemic. The FBI recently issued a warning about malware known as Kwampirs, which targets supply chains. Because of COVID-19, more people are working remotely and are exposed to significant technology risks, such as shadow IT and insecure access, as well as the human vulnerability to increased phishing campaigns.
Managing cyber risk is just one of many significant challenges manufacturers must now overcome. Manufacturers are often seen by threat entities as a pathway into larger industries and government agencies. With high risk, but limited resources and budgets, manufacturers need actionable, cost-effective guidance and assistance to manage their cybersecurity risks.
When a manufacturer suffers a digital breach or attack, it can not only hurt the company's reputation and bottom-line performance, it can also close the plant's doors for good. As the manufacturing industry becomes more digitized, it is an increasingly popular and unfortunate soft target for cybercriminals. Many manufacturers with fewer than 500 employees that have experienced a cyber-attack have gone out of business within 9 months of the event.
With the ramp-up of manufacturing happening in NY, let's explore the question "How secure is your factory floor?"
Computers – Do all workstations have an automatic session lock set to engage after a prescribed, short period of inactivity? Are employees required to enter a unique username and private password to regain entry into the system? Are all IP addresses accounted for and secured, via firewalls and software, from outside internet infiltration?
Devices – Thumb drives and similar portable hardware are used to store and transfer data, but these items can easily be lost or stolen. Are your employees putting sensitive company data on these media? Are these devices encrypted? Do your employees know not to plug an unknown or found USB drive into a computer?
Paperwork/Hard Copies – Printed materials and drawings contain sensitive company and/or customer information. Are these items left out in the open, unattended, or for long periods of time? Are these documents classified correctly? What are considered controlled documents, and does your quality management system reflect these requirements? Do you have a policy and procedures that employees are trained to follow that mitigate these risks?
Training – Employees should be trained to recognize phishing attacks, wherein bad actors attempt to gather personal or sensitive company information using deceptive emails and websites that look like trusted sources. Once this pathway is activated by an unsuspecting employee, the hackers can access sensitive financial or personnel information, or embed malware into your computer network that can cripple or lock it down.
Response – Do you have an incident response plan, and are all employees trained to respond appropriately and expeditiously to help mitigate damage?
Accessibility – Are your policies and site security up to date with respect to physical access to your facility? Are non-employee visitors required to be escorted by a staff member at all times? Are primary and all secondary access points (man-doors, dock doors, windows, doors from office to shop floor, etc.) secured or monitored by cameras or electronic methods? Do your employees know what to do if they suspect someone appears to be out of place in your facility?
Remote Access Personal Devices – Mobile phones and handheld devices (tablets) can be lost or easily accessed via open public networks. Employees with company-provided devices should be bound by a use and security policy, including a PIN, password protection, and frequent variation. Access by personally owned devices to a company network should be prohibited or significantly restricted. Any loss or theft of a device should be reported immediately.
Continued cybersecurity awareness training offers an incredible return on the investment. Robust cybersecurity policies and frequent training are the foundation for building a culture of security in your company. This problem is not exclusively an IT department matter; everyone is accountable for cybersecurity in the workplace, as well as in their own personal circumstances.
We are all in this together. If any of our clients or partners have successfully implemented changes regarding these concepts and are willing to share them with the WNY manufacturing community, we ask you to submit them to us so we can share these best practices with all the manufacturers in our community. Descriptions, photos, examples, etc. would be beneficial, and we can give you credit for any submissions that are published.
Please submit any ideas to: firstname.lastname@example.org