By the end of 2017, 50 percent of manufacturers will exploit the synergy of the cloud to facilitate innovative, ways of working on the shop floor, according to IDC FutureScape’s Worldwide Manufacturing Predictions.
Despite its rapid growth rate, the cloud also presents the possibility of serious security breaches that could drastically affect a company’s bottom line.
How can manufacturers protect themselves (and their organizations) while still enabling innovation, data access and flexibility in their processes?
We examine how to conquer the biggest threat to cloud security: uneducated employees.
Cloud security: Here’s what manufacturers can do
Know that your people are your biggest asset — and risk.
Across the information security industry, humans, not technological flaws, are the weakest link in the security chain.
A recent report by Enterprise Management Associates (EMA) also found that 56 percent of workers may not receive any security awareness training (SAT) at all.
When employees are actively involved in protecting company assets, they’re more likely to take ownership of their obligations regarding security measures. Involve the entire workforce in security training and brief them on best practices moving forward. Also, hold trainings at least once a year. Studies have shown that once a year is the best frequency to make sure the material sinks in.
Running unannounced security tests is effective, too.
“When it came to penetration test done by our firm, 75 percent of the time, we tricked end-users into doing something they should not have done, like click a malicious link, enter a username and password, open a malicious attachment,” notes Jeffrey Bernstein, executive vice president of critical defense.
Invest in tools that allow you to send simulated phishing emails to see if workers take the appropriate action given the scenario.
Reiterate the importance of backing everything up.
When it comes to the cloud, manufacturers face the possibility of permanent data loss. Make sure that whatever happens, you have secure backup of that data.
Cloud backups keep your business running with minimal glitches involved. Even if every computer in your warehouse goes down, you can still power up your tablet and log into your cloud-based inventory and other systems to get the information you need. Also, a cloud-based backup means your data is being stored offsite (so if a disaster impacts your facility, you don’t have to worry about lost data).
Distribute data and applications across multiple zones for a level of added protection.
Emphasize encryption.
Cloud encryption is critical for all businesses. It allows for data and text to be transformed using encryption algorithms and is then placed on a storage cloud.
To ensure the protection of your data before it leaves your business, you can encrypt at the network’s edge, ensuring the movement of data in the cloud is protected. Once the data is encrypted, keep the keys that both encrypt and decipher your information. Having both of these means that even if the information is stored at a third party provider, all information requests will need to involve the owner.
Do not store encryption keys in the software where you store your data. IT workers need to keep physical ownership of encryption keys as well as vet the strength of the encryption techniques being used.
Keep track of who has access to the data.
Sure, the location of your stored data is important — but nowhere near as important as who has access to it.
Who is in charge of doing what, who has access, and what are they trying to access? Establish access controls to manage risk. Tie user identities to back-end directories. Be proactive and put security measures in place to make sure that your data is protected. Rather than utilizing one too many passwords, implement single sign on (SSO) authentication capabilities.
Follow best practices for passwords.
Since files are zipped and encrypted with passwords, it’s important to choose one wisely. Most passwords — 90 percent, to be exact — can be cracked within seconds.
“Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust,” noted Duncan Stewart, director of technology for Deloitte Canada, recently. “But these can be easily cracked with the emergence of advance hardware and software.”
Although the limitations of our ability to remember complex credentials means there is a tendency for password reuse, don’t fall into that risk category. Come up with distinct, original passwords to deter hackers.
Have employees enable popup blockers.
The latest spin on a ransom note isn’t composed of letters clipped out of a newspaper. Ransomware attacks, (skyrocketing as of recently), install viruses and encrypt your data so you can’t read it. It then demands you pay a ransom to access your files.
Popups are a prime tactic used for Ransomware, so avoid accidentally clicking an infected popup. Popup blockers will prevent this malicious software from taking over your system.
And remember: If a popup appears, click on the X in the upper right-hand corner. Nothing else.
Test everything.
When putting measures in place to protect your cloud, think like a criminal. One of the best ways to do this is penetration testing: an IT security practice designed to identify and address vulnerabilities as well as minimize cloud security threats.
A few things to keep in mind:
- A penetration test looks like a real attack, so be sure to inform your cloud provider before beginning.
- Evaluate what your weaknesses are and create an inventory of what to test such as servers and applications.
As you continue to build your cloud penetration testing plan, remember that internal threats are as likely as external threats.
When it comes to data breaches, hackers and organized crime garner most of the headlines, but most data breaches are caused by human errors and system glitches. As a result, educating your manufacturing employees on the cloud is a big component in preventing data breaches.