Protecting Critical Infrastructure

Think that a hacker or other bad actor can’t hurt your company? Here are a few simple steps to start securing the IT and physical sides of your critical infrastructure.

Information is the most valuable commodity any company has. Whether it is held in a person’s mind, a cabinet, or a computer, the information must be secured. This month’s “Tooth Tips” deals with the last two, which, unfortunately, are often overlooked. Gear manufacturers have even more to secure due to the diversity of work, materials, and customer requirements they see.

However, IT and physical security are some of the most misunderstood and poorly implemented parts of any gear manufacturing company’s “must-run” installations. Most gear manufacturers have not been trained to implement even the most basic security protocols. These services are either contracted out or, if the company is large enough, an IT professional is hired to handle “the headache.”

Rather than try to suggest a complete solution to a complex problem, here are three simple things to do that will go a long way toward easing some of the pain of IT and physical security.

Step 1: Backup

As simple as it sounds, you must back up your data on a regular basis to preserve it in case of a malfunction of your IT system. As you probably know, many people do not back up their own computers at home, and this practice can carry over to their companies.

Think about this. How long could your company go without its computer system? A day or two? Maybe more? If something happens to your main server and you do not have a recent backup, it could take multiple days or even weeks to recover. Gear manufacturers have multiple sources of data that need to be backed up. Obviously, the main server that has the accounting, job shop control, and other key systems must be backed up, but what about your CNC turning, grinding, and gear cutting equipment? Do you back up programs from them? How about any servers dedicated to emails or document control?

All of these systems must be considered because if a system malfunction leaves you unable to access them and you cannot restore them, you could be put out of business. Yes, out of business.

Backups are also a good way to preserve data, and reduce its volume, for long-term record keeping in case you need it. Offsite is best, but a fireproof, secure location onsite may be OK if it is truly secured.

Step 2: Secure your data

Do you have modems, wireless routers, and employees using their own devices at your facility? If you do, you have risk. These are just some of the points of data leaks you may have at your company. Since all companies have private and confidential information that they have to lock down, you have a legal responsibility to secure this data. You may also have customer information that you have contractual requirements to secure. This applies to digital data and old school files. Everything must be secured.

Unfortunately, the human element is a critical link in the chain. Using weak passwords, allowing over-access to the system, or just not locking a door are some basic examples of problems that can be identified by an outside set of eyes to determine what is really happening to your system on a daily basis.

You may not think you have a risk, but all it takes is one data leak or theft of information and you’ve got a problem. It is theft — just like if someone came in and took a computer out to their car because they could.

The takeaway is to get a trained professional in to look at your system and lock down these possible leaks that may allow the outside world into your system without authorization. Not to be a Debby Downer, but every IP (internet protocol) address that you have is probed every single day to see if it can be hacked. By giving a hacker even a shred of info, you may as well give them the keys to the castle.

Step 3: Lock it up

Clearly, most gear companies have their files and computer systems set up with passwords for all individuals, hopefully with different levels of access depending on job responsibilities. However, many companies don’t take enough time to secure their systems from unauthorized physical access. If someone has evil intentions and can physically touch a system, especially the main server, nothing is secure.

You must physically secure these file cabinets and servers. This also includes hardening all other terminals to slow down or halt unauthorized access. This can present a challenge, especially when PCs and terminals must be available for employee use. While complete physical security is generally impossible, every effort must be made to lock these units down to keep bad guys from having too much time alone with one of your terminals or PCs.

These simple yet effective steps will go a long way to prevent a data leak. Balancing accessibility with security is a typical problem with any system security implementation. You may not be as big as some of the larger companies who recently fell victim to security breaches, such as Home Depot and Target, but you still have information that you must secure to protect your customers, your employees, and yourself.

David Senkfor is the president of TopGun Consulting, a manufacturing consultancy with a focus on helping companies improve their practices and processes to increase the profitability and satisfaction of the owners of those companies. David has over 30 years of experience in manufacturing, more specifically in the gear industry. Using his experience, David is able to quickly assess difficulties and recommend simple, yet effective, solutions to those issues. For more information, contact David Senkfor at david@topgunconsulting.net or (602) 510-5998, or visit Top Gun’s website at www.topgunconsulting.com.