"Warning: Your computer systems may have been compromised." It's the news no executive team wants to hear, but it's increasingly commonplace in today's interconnected world.
In July 2013, smartphone, tablet and computer manufacturer Apple Inc. experienced a high-profile cyber attack on its developer website. In the aftermath, Apple publicly admitted that the culprits made off with an unknown number of mailing lists, e-mail addresses and possibly other sensitive personal data. Here are some ways manufacturers and distributors can prevent a similar data breach from occurring at their facilities.
Know your risks
Cyber attacks are estimated to cost U.S. businesses as much as $250 billion per year, according to computer security firm Symantec. And it's not only large multinational businesses that are targeted these days.
According to a 2013 study by the Ponemon Institute, a data protection and information security research firm, 29% of U.S. small businesses experienced a computer security breach during the previous year. Of those attacked, nearly three-quarters of the victims were unable to fully restore their systems after the attack. The survey also reports that the consequences of those attacks included potential damage to their reputations (59%); theft of business information (49%); the loss of angry or worried customers (48%); and network and data center downtime (48%).
Manufacturing and distribution executives sometimes can be caught unaware of the prevalence of computer security breaches — mistakenly presuming that cyber attacks and network disruptions happen primarily in other sectors, such as health care and retail. But manufacturers and distributors rely heavily on electronic data systems — for example, to transfer freight manifests, track inventory with RFID tags and dispatch load routes. So, they can't afford to take a reactive approach to information technology (IT) security. In addition, intellectual property that a company owns may be at stake and at a cost that sometimes cannot be reasonably estimated.
Prepare your defenses
Prevention is essential when it comes to making sure malicious hackers don't vandalize your information systems or make off with your plant's valuable trade secrets, customer lists or financial information. Here are some ways you can minimize the chances of becoming the victim of a cyber attack:
Inventory your data. Catalog where you store customer lists, intellectual property, financial information and inventory information, so you can assess its vulnerability. It may not always be on site. For example, some information may be stored on personal computers in the possession of current and former employees.
Assess risk. In-house or outside IT professionals can help analyze weak spots. They can determine whether you possess the most effective, up-to-date software available to protect against dangerous virtual predators like worms, malware, trojans and viruses. It's also a good idea to change passwords on a monthly basis and encrypt sensitive data transmitted electronically.
Communicate with vendors. Data security is a collaborative effort among all of a company's partners. For example, if you grant a third-party shipping company access to proprietary supply chain data — such as your customer's demand and inventory levels — that information could be stolen if a hacker breaches the shipping company's computer systems. Inquiring of service providers as to procedures and audits they have had performed is also crucial. Requesting a SOC 1 or SOC 2 should be on the top of a company's list before engaging in work with a vendor. Limit data sharing to only those supply chain partners that absolutely need it. And ask your partners about their IT security programs. Request partners with weak IT controls to beef up their efforts.
Other security measures to consider. In addition to enacting powerful passwords, classifying data and understanding overall risk, it is also imperative to consider other areas where there may be weaknesses within the organization. Reviewing access lists on a quarterly basis, performing periodic vulnerability assessments such as internal and/or external scanning, and enacting security training programs are just some of the actions a company can take to strengthen its stance against attacks.
Protect your business
Unfortunately, some businesses don't know that their systems, intellectual property and important business records are vulnerable to cyber attacks until it's too late. Check with Weaver today to ensure that your financial information is secure.
For more information, contact Mark Walker at Mark.Walker@weaver.com or 817-332-7905.