With Cybercrime costs projected to reach $2 trillion by 2019 (Forbes) defending networks from cyber-attacks is no easy task. Manufacturing companies must have a thoughtful strategy to protect their business, employees, and clients. On May 3rd, a panel of experts discussed several myths that manufacturing executives believe about their cyber security:
- We’re too small to be appealing
- We don’t have anything worth stealing
- We have nothing to lose
- No-one is too small to suffer from a cyber security disruption. Even if you think you do not have a valuable intellectual property (IP) or operate an e-commerce site with credit card numbers – you are still very much at risk. Cyber criminals create malicious software all the time to “make a name for themselves” or “test it out” on smaller companies to see if it works. It still creates all kinds of headaches for you – whether intended directly to cause you harm or not.
- Bitcoin based ransom-ware is priced to make it easy for you to pay. Cyber criminals aren’t greedy. They know exactly how much most businesses are willing to part with – rather than fight with lawyers and IT professionals. So the ransom is typically affordable. The bigger problem, however, is getting the funds set up correctly and finding a broker to make the transfer. All of this will take you precious time while the cost to your business keeps increasing.
- Be careful about smart “spearfishing” campaigns aimed at your CFO. The panelists recalled stories where a cyber criminal, with knowledge of a business owner’s travel schedule, created a false email sent the company CFO. The email contained instructions from the “owner” of an acquisition he came upon at the conference he was attending and instructed the CFO with an account number to wire the money to. Millions of dollars have been lost this way. It seems far-fetched, but cyber criminals can be very clever because they learn behaviors and create communications, links or other malicious instructions that look like they could be legitimate. Too often, without training or protocols your employees may act where they shouldn’t. You need to train your employees continuously and keep user admin access to a minimum.
- Create a data or systems breach plan and practice it. A plan that exists on your internal network may not be accessible – so you need to know who to call. Talk with your IT, legal and risk insurance companies. Update your plan annually. Panelists recommend that you call your legal professional first in the event of a data breach if it affects client data in any way. That way, you have attorney-client privilege and they can assist with interfacing with your customers if it is advised to do so. This will better protect you should damages occur.
- Bruce Lach, President, SUCCESS Computer Consulting (Moderator)
- Jon Breyer, Partner, Lindquist & Vennum, Cyber Security Specialist
- Madeline Allen, Lockton Companies, Account Executive, Cyber Technology Practice
- Brandon Nohr, CTO, SUCCESS Computer Consulting
DS+B is proud to be a sponsoring partner of Gears and Gadgets, hosted by Minnesota Manufacturing Executives, which provides business owners and executives with informative presentations on latest trends, networking and peer collaboration for a strong manufacturing presence in Minnesota.