According to the most recent IBM X-Force Cyber Security Intelligence Index, the manufacturing industry is one of five industries with growing cybersecurity needs. As a manufacturing organization, the types and amounts of information you deal with on a regular basis make you an attractive target to cybersecurity attackers. From intellectual property to customer lists and production secrets, your data can be extremely valuable to an attacker. You might have strong cybersecurity protocols in place, but if your employees aren’t properly trained the results can be costly and damaging to your organization. Unfortunately, 60% of cyber-attacks come from “insiders,” with 15.5% coming from “inadvertent actors” – aka, your well-intentioned employees. What can you do to make sure your employees are better trained on cybersecurity measures?
Talk Now and Talk Often. So you have an “IT Security Policy” in place and your employees even sign it annually-you are covered for cybersecurity training, right? Not quite. Employees need to be trained often. Find ways to mix it up-send blast emails, hold Lunch n’ Learns, discuss recent cyber-attacks in the media and news so they can understand and relate. Even better, consider quizzing your employees every so often, and make it fun with incentives or prizes. Most importantly, keep them continuously engaged in the fight against cyber-attacks. It is important for your employees to know that cybersecurity is not just an IT issue. With almost every part of the manufacturing process dealing with technology and data that can be of value to hackers, every employee should be trained on proper cybersecurity protocols.
Don’t Forget the Bosses. Don’t limit your cyber training to staff-level employees. Managers and executives are often the targets of cybercriminals. If you’re wondering why, it’s because these are the people who generally have the highest levels of access-especially to the more valuable information such as financials, corporate information, trade secrets, personnel files, etc. What’s even riskier is that many times IT allows these managers and executives greater network liberties and access rights. So be sure to keep the folks at the top in the loop too.
Include Cyber-training in On-boarding. Companies bring in new employees year-round. It’s risky to allow your new hires to begin using your technology and network prior to introducing them to some user security guidelines. As part of your on-boarding process, new hires should receive basic cybersecurity training. This ensures that they’ll start off on the right foot and they’ll understand that your organization takes cybersecurity seriously.
Speak about Social Engineering. Social engineering attacks may be some of the simplest for a hacker to pull off-and the occurrence of them is growing. In these attacks, users are “tricked” or manipulated into performing an action or releasing confidential information inadvertently. Phone calls or emails from hackers impersonating someone else (Vishing/Phishing), malicious texts (Smishing), and fake surveys and malicious links on social media sites are just some of the common examples of social engineering. These attacks go after the technology and websites that your employees likely interact with daily, so don’t forget to teach them the risks here-not every link is legitimate and not every sender is trustworthy. When it comes to manufacturing, an industry filled with important private information- from vendor dealings to intellectual property, ensuring your employees are trained to spot a phishing or other type of social engineering attack is key.
Help Employees Understand the Impact of an Attack. With manufacturers dealing with information that is highly valuable to an attacker, helping employees understand the true cost of an attack is important. Given the high value information, manufacturers are more prone to ransomware attacks, as the attacker knows that the data is so important, you’ll be willing to pay their high ransom to get the information back. There are also other costs- such as the cost of compliance with requirements that some of your suppliers demand. If your cybersecurity and data security requirements aren’t compliant, your organization can suffer an enormous cost- even the cancellation of a major contract.
Ensure Employees Know “The Plan.” You’ve read everywhere, “it’s not if you’ll get attacked, but when you get attacked.” You need to have an incident response plan in place for handling breaches and your employees must be trained how to recognize an attack and what to do next. Tasks like unplugging the machine, notifying an administrator of unusual, suspicious activity and reporting lost or stolen mobile devices are just some of the steps you should include in your cybersecurity training.
Don’t underestimate the power of knowledge. The more your employees know about cybersecurity, the less likely your organization is to fall victim to cyber-attack. Keep the conversation going, solicit feedback from your staff and keep the training continuous. It may be just enough to keep your well-intentioned staff from making a critical, and costly, mistake.