Many who run small to mid-size businesses tend to think of cybercrime as only a big business problem. While it’s true that large corporations, governments, banks and retailers are likely targets for Internet-based crimes, smaller businesses – including CNC shops – are not immune. According to the 2016 Internet Security Report from Symantec, 43% of cyberattacks last year targeted small businesses.
Even more disturbing is the increase in small business ransomware incidents, in which hackers take control of your computer systems and hold them hostage until you pay a ransom, threatening to sell and/or erase all of your data if you don’t quickly pay up. Norton, a provider of software to protect devices from viruses and other malware, estimates that ransomware was a $150 million business last year.
Given the severity of the problem, it’s wise to regularly review your computer system safeguards. Of course, your first priority is to protect your business data, including financials, customer files, engineering, R&D and CAM/CAD information. Equally important, in this age of the Industrial Internet of Things, is protecting any shop floor communications systems that share data between workstations and possibly a host computer. If any of these data become corrupted or are held for ransom, the impact on your business could be devastating.
So what can you do to protect your shop?
- Firewalls and defensive software. Experts agree that firewalls for all computers, Wi-Fi routers and anything else that connects to the Internet are essential. Anti-virus software is your next best line of defense, provided you keep it continuously updated.
- Restrict employee access. The fewer people who can get into your data, the better. Only those employees who need access to your systems to do their jobs should have it. This is not as much a concern about an employee wishing to harm the company as it is a means to reduce the potential for human error or carelessness that could leave your systems at risk.
- Establish and enforce a BYOD policy. When employees bring their personal devices (smartphones, laptops, tablets, etc.) to the workplace, they can tap into the company Wi-Fi system and possibly communicate with company computers. This opens the door to introducing viruses or malware from their devices into the company’s. It may be wise to only allow company-provided devices to connect to your computer systems, or set up an Internet security protocol for screening personal devices.
- Back up to the cloud. As important as it is to regularly back up your data, it is equally important to do so to a secure location. In the event of a fatal system failure or a ransom attempt, having your data regularly backed up to the cloud enables you to quickly reinstall software and data once your system is cleared for a restart. The cloud also has greater security in place than most smaller businesses can afford.
- Regularly change passwords. One of the best protections for your systems is to change passwords frequently. It’s also important that the passwords be complex, using a combination of upper and lower case letters, numerals and special characters. Also, resist the temptation to use the same password to access multiple devices. The Wi-Fi password should be different from the one for a computer, and so on. Strong, unduplicated passwords are harder to hack. And don’t forget to change the passwords any time employees leave the company, no matter how much you trust them.
- Consider outside help. It may make sense for you to hire an IT security firm to analyze your systems, discover any weak points and provide recommendations to shore up your systems. Yes, you’ll pay a price for this service, but it could save you considerable expense in the future. You’ll also sleep better.
- What if the worst happens? Despite all of your precautions, you could experience a system meltdown or cyberattack. That’s why you need a written recovery plan that specifies who to contact for help, procedures to follow (for example, how to retrieve data from the cloud), and any actions that will minimize the damage.
Unfortunately, as we continue to develop technologies that enable us to run our businesses more efficiently, there will always be criminals who attempt to use this technology against us. Having a proactive approach to protecting your data with these and other methods is your best defense.