access point. How many of your users are using a variant of “password” or “admin” as their password? How often are passwords updated? Are passwords unique? Research suggests nearly half of online account holders have passwords that have not been changed for 5 years, making them vulnerable to data breaches. Nearly three in four online account holders use duplicate passwords among online accounts.⁶ Instituting unique, complex passwords for any secured environment (ERP, Payroll, etc) will create another barrier in your cyber security defense grid. Creating an expiration schedule will discourage reliance on stored passwords.

Sixth step – Human error happens. How is your staff trained on cyber security protocols? What is your process for keeping users up-to-date on potential threats and how to avoid them? Anytime a new user is brought onto a network, they should be trained in the best practices for how to securely browse the internet, check email, etc. That initial training should include a detailed explanation about keeping passwords as secure as possible, what are acceptable downloads, and how to properly access sensitive data without putting it at risk for even inadvertently being shared.

Suppose one of your coworkers checks their email one day and finds a message from the company owner asking them to open the attached document immediately. The email has the company’s letterhead and everything looks like it is from the owner. What do they do? This message and others like it are examples of phishing, a method of convincing the user the email or document is coming from someone they know.
Most users associate phishing with e-mail messages that spoof, or mimic, credit card companies or other businesses like PayPal, eBay, Amazon. The messages look authentic and attempt to get the user to reveal their personal information. In addition to stealing personal and financial data, phishers can infect computers with viruses as well.

Regular reminders to all staff about system updates and best practices should be scheduled and shared with mandatory sign-offs or, better yet, automate the process of updating each system. Follow the KISS principle on helping staff to do exactly what they should do, and how best to do it, on an ongoing basis.

IoT was designed around convenience, not security. As we connect more devices in the manufacturing sector, we are more exposed to cyber attack than ever. Per Cisco, currently more things are connected to the Internet than people. A recent study showed that 70 percent of IoT devices contain serious security vulnerabilities. Cisco goes on to say that 25 billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. With all these interconnected devices, navigating the expanding digital landscape requires both vigilance and common sense. Hopefully with the referenced steps in place, your company will feel more cyber secure.
® NEWS INTERNATIONAL NEWSLETTER OF THE INVESTMENT CASTING INSTITUTE
November 2016 ❘ 23

References
1. https://community.spiceworks.com/topic/1719202-locky-ransomware-encrypts-files-even-when-machine-is-offline?
2. http://www.itproportal.com/2016/07/14/keeping-your-erp-systems-secure-in-the-cybercriminal-world/#ixzz4ESynodJf#
3. http://www.erpfocus.com/Five-sloppy-erp-security-practices-that-could-cause-your-company-havoc-4457.html
4. http://advancedmanufacturing.org/securing-manufacturing-data-cloud/
5. http://www.computerweekly.com/opinion/Security-Think-Tank-Malware-infection-is-inevitable-so-be-prepared?
6. http://www.computerweekly.com/news/450303585/Lessons-from-the-Dropbox-breach