How manufacturing companies can protect themselves from a data breach
After recent reports that half of Britain’s manufacturers have fallen victim to cyber-crime over the past 12 months, many industry leaders should be asking the same question – how can manufacturing companies protect themselves from a data breach moving forwards?
Somewhat inevitably, this led to a wide range of issues with regards to cyber security, as manufacturers soon learned that they, and their respective employees, were ill-prepared for such a sudden transition.
The effects of this dramatic workplace change are still very much in play. Most recently, a ransomware cyber-attack on a US fuel pipeline has demonstrated how changes must be made to avoid the detrimental impact of an attack like this on the public and economy.
Christine Sabino, legal director at Hayes Connor, indicated that the trend seen in the manufacturing industry was a reflection of the general pattern of data breaches in 2020.
“The reported trends in the manufacturing industry don’t necessarily come as much of a surprise,” she stated. “We recently commissioned a survey to investigate how companies are dealing with data protection issues whilst working from home during the pandemic. That survey raised a number of interesting points, especially with regards to the lack of training and guidance many employees received when they started to work from home during the first national lockdown.
“Of course, the rapidly increasing digitisation of manufacturing services has naturally increased the risk of cyber-attacks in this particular industry. But, when that was coupled with a sudden, wide-scale transition to remote working, a ticking time-bomb was set off.
“The increased risk of data breaches, in the manufacturing industry and beyond, had real world consequences for the companies themselves and the rest of the general public. The impact of any data breach can be devastating.”
So, what steps can manufacturing companies take to tackle these cyber-security threats? Ms Sabino believes that some the solutions are relatively simple.
Increased emphasis on secure systems
“What manufacturing companies need to appreciate is that cyber-criminals don’t just target companies that are known to hold large amounts of personal data – like hospitals or local authorities, for example. Often, criminals will seek out companies with noticeably weak security systems, exploiting them in order to run a ransomware attack,” Christine Sabino reveals.“Just because manufacturing companies don’t always have a comparatively large backlog of personal data on file, it doesn’t mean they won’t be targeted. There’s very little excuse not to heavily invest in cyber-security to reduce the potential for cybercriminals to find simple ways into your systems. Getting basic cyber security measures, such as password protection and encryption, is something no organisation should ignore.
“The pandemic has, as we know, had a significant impact on the manufacturing industry, and balancing the books hasn’t always been easy over the previous 12 months. However, with the worst of the pandemic hopefully behind us, there will be an opportunity for manufacturers to invest in cyber-security, without jeopardising their general cashflow.”
Effective staff training
Staff training to reduce the potential for human error is often overlooked, but does not need to be complex. In fact, data breaches frequently occur as a result of careless document handling.Finding time in a busy schedule to focus on cyber security can prove to be difficult for many manufacturing companies, but by spending as little as an hour a month, the chances of an avoidable data breach occurring are likely to be significantly reduced.
Touching on this subject, Ms Sabino explains: “The fact that around half of manufacturing companies don’t actually offer cyber security training to their staff is concerning. Data breaches frequently occur due to human error, so if your staff aren’t receiving the right training, how can you expect them to follow the correct procedures when it comes to keeping data secure?
“Employees in the manufacturing industry are likely to take on board any extra cyber training very quickly, so it’s well worth investing time into providing appropriate GDPR training – potentially through a third-party where necessary.”
Official response plans
It is also notable that around half of the manufacturer’s consulted in Make UK’s recent study reported that they do not have a formal plan or process in case of an attack.While it’s absolutely vital that manufacturers should invest more resources into cyber-security procedures, the threat of a data breach will be ever-present. So, if the worst does happen, companies need to be able to react as quickly as possible, so that financial and reputational damage is kept to a minimum.
The fact that many manufacturing companies are still hesitating to invest in new digital processes indicates that the manufacturing industry is currently lacking when it comes to prioritising safe and secure digital practices across the board.
“Now is as good a time as any for manufacturers to look ahead to the future,” Ms Sabino concludes. “We know that working patterns have been permanently changed as a result of the pandemic, with remote working becoming the norm rather than the exception. So, there is no better time for manufacturers to review their current cyber-security policy and procedures.
“With a carefully considered approach, and the right level of investment, it’s more than possible to significantly reduce the number of data breaches in the manufacturing industry.”