Small Businesses Can Be Cyber Attack Victims Too
Posted by Michael S. on February 23, 2017 in Manufacturer Focus

Over the past year, there is a good chance you noticed a headline like “ThyssenKrupp secrets stolen in ‘massive’ cyber attack.” You might have glanced over it, thinking your small or mid-sized company is not on the radar of a hacker, but these types of attacks can happen to a business of any size.


According to the National Cyber Security Alliance, one in five small businesses falls victim to cyber crime each year. Of those that get hacked, 60% go out of business within six months of the attack—an astonishing number.2


Some attacks revolve around theft of intellectual property. If a hacker or competitor gets a hold of your intellectual property—whether it is a new invention, a secret formula to manufacture a special compound, a new product, or research to develop a cure for cancer—the impact of the theft can be devastating.


In many cases, especially in small and medium-sized companies, it’s not intellectual property that hackers are after, but the data the company stores. Think of all the employee and customer information you have—names and addresses, medical information, Social Security numbers, bank account numbers. This information can be worth some serious cash if sold to the right parties or if it is abused by the hacker.


So, what can you do?


First, take cyber threats seriously. A cyber attack can happen at any time to any company, no matter the size. Cyber threats can be internal or external. Internal attacks are initiated from within the company, like an employee downloading unauthorized software that is infected or a disgruntled employee intentionally uploading damaging software or downloading company files to steal or sell company data. External attackers usually work through the Internet or via Wi-Fi. A hacker may gain access to your system through an email, by having you visit a fraudulent website, or a variety of other ways.


Second, explain to your employees why everyone needs to take cyber security seriously. Not only can it protect you and your business, but it can also keep your employees from losing their jobs. Your security policy must be communicated and enforced. It should include guidelines on password strength and electronic media shutdown requirements. It should also limit the sharing of passwords or individual machines whenever possible and address the use of personal electronic equipment like smartphones or tablets that might be brought into your facility by employees, vendors, contractors, or customers. Any device coming into your facility can be a threat.


Limit the number of people who have access to sensitive information. For example, engineering and manufacturing managers often have access to all systems, but they might only need access to technical information. Give employees access to information and systems they need to perform their job duties efficiently, not to what they think they should have.


When your employees travel for business, make sure they use secure networks. This might mean paying a few dollars for Internet when staying in a hotel, but free Wi-Fi might not seem free if the device is hacked and the employee brings it back to work.


Third, put regulations and requirements in place for how new software or systems are brought into your facility as well as who will manage and install them. This can help eliminate some of the risk from external threats. If your customers or vendors require you to connect online with them, like sharing an ERP or MRP system, make sure their systems and security are up to your standards. When sensitive information or large amounts of money are electronically requested by email, make a call to the requester before sending it. You can set daily limits on the total amount of money that can be pulled from your bank account.


Finally, invest in system protection and keep the protection software up to date. If you have in-house IT support, make sure they have the education, tools, and resources to maintain a secure network and systems for your company. If you don’t have on-site IT support, hire a reputable and qualified cyber protection firm.


There will never be 100% assurance that your company is fully protected from a hack. If you have applied sound business methods, implemented a cyber policy, deployed your engineering controls, and implemented software and hardware protections, there is one final thing you should consider—cyber security insurance. Invest in cyber security insurance so you are properly covered if your business does get hacked. Learn about Acuity’s Cyber Suite today.




Michael S. is our Manufacturing guru
I have over 40 years experience in a broad range of manufacturing areas. Starting with an apprenticeship in Germany I’ve worked my way through a variety of positions within the manufacturing field. I got my start as a Tool and Die maker. I next became a supervisor of a class A tool room, then manager of a machining department. I was exposed to lean manufacturing in the mid 90s and adapted the lean philosophy. Loving and teaching the lean approach, I moved on to become a Continuous Improvement manager which led to a job as a manufacturing manager. I joined Acuity in 2015 as their manufacturing expert. I hope to evolve how manufacturers deal with and think about insurance companies, as well as be a resource to my fellow employees – enabling them to better understand the unique needs of manufacturers.

Get a quote today and Achieve Total Acuity
Posted By: Michael S. on October 10, 2019 in Manufacturer Focus
Michael Rothschild has more than 20 years of experience in security. Prior to his role at industrial security vendor Indegy, Michael worked in product management and marketing roles with Thales, RSA, Dell, Juniper Networks, and Radware. He taught marketing at Yeshiva University and currently occupies a board seat at Rutgers University. In his spare time, Michael volunteers as an emergency medical technician.