It’s always a good time to be thinking about how you are mitigating cyber risk in your facility. The days of “risk-free” facilities are gone; now, it is all about adding layers of security to minimize your risk. Often, cyber threats are able to enter a facility through well-intentioned people. For example, an employee clicks a link without thinking. Or a vendor might use their own equipment that they didn’t realize was compromised. Solid policies and frequent reminders can help reduce these risks.
Education and Policy for employees
- All external devices such as external hard drives and thumb drives must be scanned and approved by IT for internal use.
- All employees should frequently refresh training on phishing techniques to watch out for in email or phone calls.
- IT should regularly keep all PC operating systems patched and maintain current Endpoint Protection.
- Networks should be segmented. The office should not only have a firewall between the site and the internet, but also between the office network and the plant network with managed rules for integrating the plant floor to the top floor.
- Mobile apps are a great innovation that allow a host of benefits. However, they should be vetted to make sure they are secure and read-only so they don’t allow an avenue into the network.
- Maintaining password best practices is critical. Every user should have their own password. - Current best practices lead us to understand it is better to have a longer, unique password or passphrase that very rarely changes than to have a short password that changes often. Multi-Factor Authentication further secures user access. Password manager solutions like LastPass make this much easier so that no one is relying solely on their memory for every password in their life.
Best Practice for visitors (visiting vendor, customer, or anyone else)
- Any new device that enters the facility has some risk. Some facilities have chosen to eliminate outside vendor PC use in the facility entirely. They do not let vendors enter with their own laptops, and provide a PC engineering station or laptop instead. Other facilities make certain the laptop is checked by IT and has current Endpoint Protection and a clean, thorough scan every time they enter the facility.
- External hard drives, thumb drives, and other media have a higher level of risk. This has been a method to take down very solid IT defenses to the surprise of all involved with no treacherous intent—either employee or vendor. We recommend not allowing these media devices in the facility at all.
While some of these measures can feel inconvenient, they are far less disruptive than a hijacked or shutdown system. Bachelor Controls helps customers set up secure networks and always keeps industry best practices in mind. Digital Safety solutions that provide greater means of protection and recovery are available. Please feel free to reach out to us with any questions or concerns.