Don’t Wait Until You’re a Victim

SBCA Magazine,

Cyber criminals are targeting component manufacturers

Imagine you’ve been the victim of a cybercrime. No one can access design files. Your saws won’t run. Your accounts receivable is dead in the water, and you can’t even reach your customers because your database and emails are inaccessible. Imagine it takes several weeks and hundreds of thousands of dollars to get back up and running. Several component manufacturers (CMs) don’t have to imagine it because it’s happened to them. They learned the hard way that cybersecurity is possibly one of the most vulnerable aspects of their business.

Addressing the Cybersecurity Risks of Remote Workers

Joe Childress, Technologix Group
Greg Dahlstrom, Villaume Industries

Because CMs rely heavily on data and networked systems to transact business, they have become a target of cyber criminals. If you think you’re too small, think again. According to a recent study by Accenture, 43 percent of cyberattacks target small business. If you think it can’t happen to you, consider that 43 percent of cyber breaches are the result of a threat created inside the company, whether it was intentional or not.

“I think one of the greatest misconceptions out there today regarding cybercrime is that an anti-virus software provides adequate protection against today’s attacks,” says Joe Childress, COO of Technologix Group, a cyber security firm that has been assisting CMs for several years. “Research by Verizon found that only 11 percent of cybercrimes were malware-related.”

If you have remote employees, protecting yourself from today’s cyber criminals gets even more complicated. “With remote workers, you introduce additional factors like personal computers, tablets, and phones being used for both business and personal purposes,” says Joe. “Remote workers might also use unsecured public wireless networks (Wi-Fi).”

Joe points out all these situations roll out the red carpet for ransomware attacks. “You really need to have clear policies about the use of company equipment outside of your facility,” he continues. “The last thing you want is the computer used during the day to process vital business design files to be used by employees’ kids at night to play Fortnite.”

Joe emphasizes that it’s never too late to protect your employees and your company’s data assets. “The best place to start is training,” he explains. “Ninety-five percent of cybersecurity breaches are caused by human error. You can spend hundreds of thousands of dollars on the latest software and systems, but the human is still the weak link.”

Joe recommends employees be required to take regular cyber security training sessions, saying, “These trainings can deliver a lot of bang for the buck. If they stop just one employee from clicking on a bad email or entering their work credentials on a fraudulent site, you’ve saved a massive amount of money.”

Another important tool that should be in every CM’s arsenal is multi-factor authentication. This is the process by which a secondary device and independent software are used to verify that someone is indeed who they say they are when they attempt to access the company’s network and files. “Unfortunately, it’s incredibly easy for a cyber criminal to log in as a company employee in most cases,” Joe points out. “Multi-factor authentication stops this dead in its tracks because the criminal doesn’t have access to the secondary device.” While there may be a slight slow down in productivity, he stresses the security benefit far outweighs the time investment.

The worst thing you can do is wait until you are a victim. “Unfortunately, our society typically operates on this principle,” Joe laments. “We don’t install a stop light until enough people get hurt or killed. Cybersecurity is treated similarly.” The problem is that cybercrime is lucrative. Bad actors are spending millions of dollars to develop more insidious ways to lure unsuspecting employees into handing them the keys to the company’s data.

That said, Joe emphasizes that cybersecurity is a journey, not a final destination. “Complacency is your worst enemy,” says Joe. “New threats are emerging every day, so keep your systems updated and patched regularly, too.”

“If you don’t take the threat seriously today and take meaningful steps to educate your employees and protect your data systems, it’s not a matter of if, it’s a matter of when,” adds Greg Dahlstrom, senior manager of manufacturing technology for US LBM, and chair of SBCA’s IT Committee. “We’ve had too many CM victims in our industry over the last few years to not take a very sober look at where we need to be a lot better at protecting our data.”