bigstock-worker-in-manufacturing-plant-82970321-300x200Manufacturing security faces some unique threats. Unlike other industries, manufacturers depend on PLCs and other electronic systems to control production, and those systems can be vulnerable to hacking. Nonetheless, most hackers use the same tricks they use in other industries — things like cracking passwords, installing malware and looking for unpatched software vulnerabilities. Here’s how to stop the most common manufacturing security exploits.

 

1. Teach Your Workers Good Online Security

 

Worrying about complex hacks when you haven’t taken care of basic IT security is like putting bars on your top-floor windows when you’ve left the front door wide open. The Symantec 2015 Security Threat Report shows manufacturing suffered the most spear-phishing attacks in 2014, which shows the industry is still failing at basic online security.

 

Teaching your workers how to avoid suspicious emails and dangerous links is probably the simplest way to boost manufacturing security. They need to understand that clicking on a convincing email link or a cute kitten picture on social media could install malware, giving hackers control of your network. Even when they assume they’re protected, antivirus software often fails to detect threats — it’s up to you to make sure your workers are using caution and common sense on the internet.

 

2. Use Strong Passwords

 

Security and compliance experts have been talking about strong passwords for years, but many users still don’t take basic precautions. According to Gizmodo, the two most popular passwords are still “123456” and “password.” And that can be frustrating for us in the security industry, because it makes our jobs harder, when we know there are simple solutions. We can’t keep your system safe if your employees are going to make things that easy for hackers.

 

A secure password needs to be long, and difficult to guess. Ideally, you should use a passphrase (a long, multi-word code) containing a combination of uppercase and lowercase letters, numbers and symbols. Surprisingly, it’s actually pretty simple to make one that’s hard to crack and easy to remember.

 

Start with a phrase that describes something about you, such as “ilovemotorcycles”.

Now, put an exclamation point at the end, and capitalize some of the letters to make it harder to guess: “ILoveMotorcycles!”

 

Turn some of the letters into numbers and you’ve got a pretty strong password: “1L0v3M0t0rcycl3s!”

 

However, you still need to have different passwords for each account, so that no one can gain access to them all by hacking one. No problem: your Amazon password can be “1L0v3M0t0rcycl3s4maz0n!” Your Walmart password can be ““1L0v3M0t0rcycl3sW4lm4rt!” and so on. If you use this technique, change your password regularly and never share it with anyone, it’s unlikely a hacker will be able to crack it.

 

3. Partner With a Security Expert

 

Being smart online decreases the risks, but it won’t eliminate them. Verizon’s 2015 Data Breach Investigation shows that 99.9% of successful attacks exploit unpatched vulnerabilities that have been known for a year or longer. Even tech-savvy businesses lack the expertise to keep their systems up-to-date and eliminate known weaknesses fast enough to keep hackers out. Without a security team monitoring your network, hackers will scan until they’ve find a gap you’ve missed, then wreak havoc in your system.

 

Symmetry takes a multi-tiered approach, battling hackers with industry-leading managed services, backed up by cutting edge security solutions and 24/7 eyes on glass monitoring and incident response. We’ll eliminate known vulnerabilities and watch your system for hackers searching for new ways in. If suspicious agents are scanning your network, our managed security services team will be there to blast them long before they can launch an attack.

 

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.