Analysis and Commentary


Cybersecurity – Identity and Access Management: Five steps SMEs can take to be more cyber secure





Today our Cybersecurity – Identity and Access Management series provides a few more pieces of important advice to beef up security for small and medium-sized enterprises. Here Sam Silva presents five things to consider.

As the manufacturing industry becomes increasingly automated and interconnected, it also becomes more vulnerable to debilitating cyber-attacks. 

At the Innovative Manufacturing Cooperative Research Centre (IMCRC), we’ve operated as a fully digital and cloud-based business since day one. The nature of our work requires us to prepare and continually share sensitive data with our industry, research and government partners. Thus, it has been essential for us to put in place simple but effective measures to minimise and hopefully prevent common cyber security incidents. 

As a business owner or operator, addressing cybersecurity threats may not be as high on your list as other priorities. But consider what would happen to your manufacturing business if production suddenly halted, or your valuable intellectual property (IP) was stolen, or you lost all your customer and sales data? These are the very real consequences of cybercrime. 

With this in mind, here are five steps that can be taken to instil a culture of cybersecurity within your business and help fortify it against cybersecurity threats.

  • Know your data and where it is stored

Data is an integral part of every business. As a small or medium manufacturer, you’ll likely store sensitive data on your cloud, including financial information and IP, as well as the potentially personally identifiable information of your staff, customers and suppliers. Bear in mind that anything emailed is likely sent through the cloud.

As this type of data is commonly targeted by hackers, it’s important to know exactly what data you have, where it’s stored and how it’s transferred. You can do this by creating a data map, which will identify all the data and data touchpoints, both internally within your organisation and externally in your interactions with suppliers and customers. It’s important to include these third parties, as Industry 4.0 means more of them are touching sensitive data than ever before, making supply chains susceptible to attacks.

  • Know your risk exposure and compliance obligations

Once you’ve identified your sensitive data, you can outline your risk exposure and what obligations might be triggered if there is a data breach. Losing or compromising your sensitive data could halt your day-to-day operations, damage your reputation and may result in legal consequences. 

Different types of data will create different types of risk exposure. For example, if you’re manufacturing an innovative technology, you may be housing critical IP that could pose a competitive risk for your business if accessed. Or perhaps you run a vertical operation that collects people’s personally identifiable information, triggering disclosure obligations under the Privacy Act. 

  • Set up a framework of policies and procedures

By identifying your data and the risks associated with a breach, you can put together a framework of policies and procedures to protect it. This framework should suit the applications and data specific to your business operations and make it easier to adhere to compliance requirements and prevent cyber threats.

For example, you may consider implementing multi-factor authentication to prevent unauthorised access to a device or network that contains sensitive information. A great place to start is with the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model, which outlines eight essential mitigation strategies that businesses should implement as a baseline. This Model is also a great way to learn more about the protocols, and even the terminology used.

You can also create a data breach response plan to be prepared in the event that a breach does occur. If you’re able to quickly respond to a breach, you may be able to lessen the financial and reputational impact. 

  • Engage a third-party advisor

While you may already have an internal IT resource in your team, a third-party advisor can provide you with tailored cyber security advice to suit your manufacturing business’ needs. This is especially relevant if you operate within an industry that has specific requirements or regulations, such as defence.

Prior to engaging a provider, request they provide references from other businesses similar to yours, and proof that they are certified to do the job. You can also ask them how they manage risk within their business to ensure they are following industry best practice.

As a first step, it’s important to hold regular check-ins and ask your IT advisor for monthly reports to help to identify issues as they arise. In the long term, an annual or biannual audit into your business’ cyber resilience will ensure your processes and procedures are up to date and your company remains compliant.  

  • Educate your staff on cyber threats

Finally, and perhaps most important, recognise that your staff play a critical role in defending your business against cybersecurity threats. Once you’ve created your framework, educate your staff on your policies and procedures. By providing them with the necessary resources and training, your staff will proactively help to identify risks and keep your business safe from cybercrime.

IMCRC is a small business and we hold regular training sessions to keep our staff up to date with cybersecurity best practice. To stay ahead of constantly evolving cyber threats, we recently covered topics including:

  • Staying cyber resilient while working from home
  • Understanding the cyber security essentials – websites, software and emails
  • What to do when you encounter a cyber threat.

The rise of Industry 4.0 has created a digital ecosystem that’s constantly evolving, and with the uptake of new technologies comes new threats and vulnerabilities. As a result, becoming a secure and vigilant business requires constant work and upkeep. It’s important that you regularly return to the above checklist to ensure your policies and procedures advance in line with your technology. You can also sign up for the ACSC Partnership Program to access timely information on cyber security issues and how to deal with them.

Sam Silva is IT and Finance Manager at the Innovative Manufacturing Cooperative Research Centre.

@AuManufacturing’s Cybersecurity – Identity and Access Management series is brought to you through the support of Thales Cloud Protection & Licensing (CPL).
