Following recent cyber-attacks on high profile manufacturers in other sectors, we’ve been asked by glass manufacturers whether they need to be concerned about cyber security. And more importantly, do they need to do anything to protect their business from the kind of disruption and losses that they are hearing about elsewhere.
The simple answer is, yes and yes.
Let’s start by putting one misunderstanding to rest: Cyber criminals don’t care about who you are or how low profile your business might be. They have a scattergun approach which could hit anyone who isn’t protected. If new customers can find you online then cyber criminals certainly will.
There are many types of cyber-attack but one of the most damaging is where they infect your business systems and then lock you out of everything until you pay a large ransom.
These are well coordinated, well-funded attacks which generate huge amounts of money, often for organised crime groups or terrorists.
Many business owners are forced to pay up because these attacks take away their ability to take orders, plan production or invoice customers, and they know this can quickly put them out of business.
If you don’t understand IT and don’t want to understand, then you need to make sure you have a good IT support company which really understands cyber security.
Don’t make assumptions about what they are doing for you. Ask them. Make sure they know that they need to take the lead on cyber planning and implementation.
And when they tell you that you need to change things, you must make sure that everyone in the company follows the security measures which they put in place.
The best way to protect yourself against cyber-attacks is to understand how they are most likely to exploit your business, then be prepared.
This has two parts:
First of all, make sure your IT team or IT supplier is taking care of updates, patches, firewall configuration and all the many technical details that have to be right.
You need to understand where your vulnerabilities are. For example, many glass businesses have equipment like cutting tables which is controlled by old software that can only run on old, insecure versions of Windows. These can provide an easy way for hackers to get into your network and infect it from the inside. You can’t change them, so it is essential that you keep these PCs isolated from the Internet and from the rest of your network.
Remote working is now common in many companies. But if you have the ability to connect to your systems from outside the office then so too do hackers. There is a lot you can do to make remote working more secure, and to limit what people can do remotely. Think carefully about who needs what access, and get your IT people to ensure you aren’t opening up more than you need to.
Some of your suppliers may also have remote access arrangements, so they can connect to equipment for diagnosis and updates. However if they themselves are hacked or if there is inadequate security on the connection then this could provide hackers with a route into your network and systems. Review your suppliers’ remote access arrangements and ask them for details of how they manage that security.
Once you’ve got IT basics sorted, then being hacked is most likely to be caused by the actions of you or your staff.
Passwords are the final line of defence against many hacks. If you allow simple passwords, have continued to use default passwords, or your staff share passwords, you are making it much easier for hackers to get past your defences.
Where two factor authentication (2FA) is available, use it. This provides an extra line of defence in case your passwords are overcome.
But above all you need to educate yourself and your staff in the basics of good cyber security. Even if your people are all smart and IT savvy, anyone can make a mistake, particularly when they are under time pressure. Phishing attacks are getting more and more sophisticated and using AI to create very believable, personalised emails. As the cyber criminals get smarter, so must your team.
You can never be totally protected against cyber incidents so it’s essential that if the worst happens, you know exactly what to do so malware can’t spread and get worse.
Every device that gets infected will take time and money to clean. So on the whole you will want to switch off computers and other devices. But some servers must be shut down in a controlled manner to avoid data loss. It’s essential that you know which these are and how to do this.
If hackers lock you out of your systems and data then your backups will be a lifeline. That is, if the backups cover all the systems that they need to, have been running properly and weren’t also infected by the hackers. Make sure your IT people not only plan an effective off-site backup regime, but monitor it to ensure backups are working, and test the backups to ensure they can be restored properly.
You also need to make sure that your IT people, supported by the suppliers of your key business software, have a plan in place for rapidly reinstating your core business systems. At Jotika we routinely work with clients to help shape their disaster recovery plans.
Many insurers only cover cyber incidents under separate cyber insurance policies. The cost of recovering from a cyber incident can be substantial, even if you are well prepared, so it would be galling to discover that you weren’t covered.
The good news is that if you put in place the kind of cyber security protection that we’ve been talking about in this article, cyber insurance will probably cost a lot less than your less cyber-savvy competitors are paying.
At Jotika we are happy to work with your IT provider or cyber specialists so that your Gtrak system continues to run securely and underpin your business without interruption.
Please visit jotika.com or contact us to discuss your requirements.