Tips for Protecting Your Company From Cyberattacks

The importance of cybersecurity in today’s modern business environment cannot be overstated. More and more mobile platforms are being integrated into organizational processes at manufacturing companies every day, and it’s critical for the equipment industry to develop a strong understanding of how to best deal with these connected technologies.

As the industry becomes more connected with time, equipment manufacturers and their customers will be impacted in a number of ways, according to Matt Barrett, cybersecurity and privacy applications group leader for the National Institute of Standards and Technology's Information Technology Laboratory.

“The simple act of charging your mobile phone using a nearby USB port could cause the equipment you are using to malfunction,” Barrett explains. “If that happens at the wrong time, perhaps you have a safety issue, even loss of life. An equipment malfunction could also cause an interruption of activity and schedule… As a result, there can be significant financial impacts from a simple and seemingly harmless act.”

With this fact in mind, Barrett suggests companies educate their employees on the potential consequences of their cyberactivities.

The Impact Of Cybersecurity

The ability for a company to effectively protect itself today hinges upon its willingness to take the following two key steps:

• Address organizational concerns
• Create and implement a clear cybersecurity strategy

In recent times, avoiding issues related to cybersecurity have become quite difficult for many companies. Malware attacks are on the rise, and many organizations have been negatively affected by the increased prevalence of ransomware.

According to Scott Schober, president and CEO of Berkeley Varitronics Systems, cybersecurity is and will remain a major concern for companies of all types and sizes for several reasons.

“Companies remain too complacent when it comes to routine data backup, which is the most effective counter to any ransomware demand,” says Schober. “User behavior has not changed fast enough to keep pace with the onslaught of attacks. I witness cyber-complacency daily in organizations that feel it won’t happen to them, a dangerous stance that leads to lack of preparedness in security situations.”

For example, he says, one company he worked with recently found itself as the victim of a focused, but easily preventable, spear phishing attack.

“When an employee unknowingly sent employee tax information to a hacker, confidential information including name, social security number, bank account information and login credentials were shared with criminals,” says Schober.

As a result, he continues, organizations should implement the following three practices to better protect themselves from cybersecurity issue:

• Cyber-awareness training for all employees
• Teaching good cyber-hygiene throughout the company. This means training everyone from the C-suite down to entry-level employees
• Working with a third party to assist in cybersecurity efforts

Cyberattack Prevention

Because entities behind cyberattacks are becoming more sophisticated in their approaches toward executing them, staying safe has become exceedingly difficult task for many organizations today.

According to Barrett, though, it is possible if everyone within a company knows his or her role and performs it well for the benefit of everyone.

“Users need to understand how to use technology the right way, and be aware of how technology might be misused,” he says. “Executives need to understand how to allocate money and time to cybersecurity.”

Cybersecurity Strategy

No effort to improve cybersecurity can truly be successful without first implementing proper practices and training methods, and these activities must be aligned with an overall organizational strategy for cybersecurity.

Then, according to Schober, organizations must put basic controls and protocols into place, including:

• Creating a regular backup plan for all data stored offsite. Any cost-effective cloud storage provider is a viable option
• Using only name-brand security software on every computer, tablet and laptop that is automatically updated to deal with the latest threats
• Updating all operating system regularly and never use unsupported outdated software.
• Verifying all firewalls have the latest security patches installed
• Ensuring all mobile devices on your network have both hardware and software encryption with a long and strong password or PIN required for access
• Verifying the Wi-Fi network within the company and at the job site is secure, encrypted and has a long and strong password
• Setting up MAC filtering to only accept pre-approved employee devices

While putting good controls and protocols in place is the proper first step, Schober also suggests holding quarterly training sessions where organizations can improve the cybersecurity culture to demonstrate that everyone is an important part of the security effort. In doing so, all employees will know that ‘thinking cyber’ becomes part of everyone’s daily job requirements.

“By raising awareness, employees will realize the importance of slowing down to question anything that seems a bit off,” he says. “They will also come to understand that they will be rewarded for reporting something and not chastised by management for being overly cautious.”

It’s also critical for companies to develop a clear policy about what technologies are allowed or not allowed in the workplace.

Barrett suggests asking a key question: Is it acceptable for your employees to use their own device to interact with corporate mail servers, wireless networks, and computers? Perhaps, even more importantly, do your employees know the answer to this question?

Cybersecurity Moving Forward

While cybersecurity concerns are complex today, experts are certain the problems will only continue moving forward.

“So workers using their own smartphones, tablets and laptops at work must take into account the possibility of their own devices acting as carriers for malware invading their company’s network,” says Schober.

As a result, equipment manufacturers need to put in the time and effort to invest in both cybersecurity training and prevention methods to ensure their organizations will remain safe and secure over the long term.

This article / interview originally appeared on Association of Equipment Manufacturers (AEM)

Scott Schober, president and CEO of BVS, author, cyber security expert, advisor for BlockSafe Technologies @ScottBVS www.ScottSchober.com

Scott Schober

CEO | Author | Speaker | Cyber Security & Wireless Expert at Scott Schober LLC

Scott has presented extensively on cybersecurity and corporate espionage at conferences around the globe. He has recently overseen the development of several cell phone detection tools used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. He is regularly interviewed for leading national publications and major network television stations including Fox, Bloomberg, Good Morning America, CNN, CCTV, CNBC, MSNBC and more. He is the author of "Hacked Again", his latest book as well as a contributor for Huffington Post and guest blogs regularly for Tripwire’s State of Security series. Scott also writes for Business Value Exchange, Fortune Magazine and IBM Big Data & Analytics Hub.