Are Your Employees Making Your Business Vulnerable to Cyber-Attacks?
By: Elliot Forsyth
Cybersecurity is no longer optional: it’s a necessity for business survival. As cyber-attacks become increasingly sophisticated and their frequency continues to escalate at breakneck speed, it’s imperative that your business has a plan to combat these dire threats. After all, it’s no longer a question of “if” a cyber-attack will occur; it’s now a matter of “when.” According to a Deloitte report, 39 percent of executives surveyed experienced a breach in the past 12 months.
While technical compliance is integral to safeguarding your business, one critical element is frequently overlooked: the human element. Cybersecurity is primarily focused on the dangers of outside threats, but businesses must recognize that inside threats caused by employees are equally damaging and expose your business to serious vulnerabilities. Worst of all, your employees might not even be aware they’re putting your business at risk!
The emphasis on staff safeguards and training is evident in a guiding cybersecurity document published by the National Institute of Standards and Technology (NIST). The publication, known as NIST 800-171, is a fundamental part of requirements for Department of Defense (DoD) contractors who must comply with Defense Acquisition Regulations System (DFARS) clause 252.204-7012 by December 31, 2017.
The focus of NIST 800-171 centers on Controlled Unclassified Information (CUI), unclassified information that must be protected from public disclosure. NIST’s Special Publication 800-171 defines policies in 14 main categories that apply to all prime and subcontractor companies conducting business with the Federal Government. Five of the 14 components address the human element of cybersecurity. By following the best practices for each, you can make a significant impact on the security of your organization’s infrastructure, as well as meet compliance requirements for doing business with the DoD:
Access Control & Identification and Authentication – 80% of cyber-attacks are attributed to weak authentication (Source: Dr. John Zangardi, Acting Department of Defense Chief Information Officer). Enforce a minimum password complexity and change of characters when new passwords are created, and prohibit password reuse for a specified number of generations. To maximize security, limit system access to authorized users only. Protect wireless access prior to allowing such connections and encrypt CUI on mobile devices and mobile computing platforms.
Awareness and Training – Ongoing training and education are essential for all employees. Ensure that managers, systems administrators and all users of the organizational system are aware of the security risks associated with their activities and of the applicable policies, standards and procedures related to the security of those systems. Verify that staff personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Personnel Security – According to the 2017 Black Hat Attendee Survey, the most feared cyber attacker is someone who has “inside knowledge of my organization.” Always screen individuals prior to authorizing access to organizational systems containing CUI. Ensure that CUI and any systems with CUI are protected during and after personnel actions such as terminations and transfers.
Physical Protection – Limit physical access to organizational systems, equipment and the respective operating environments to authorized individuals only. Protect and monitor the physical facility and support infrastructure for organizational systems.
The Best Advice? Don’t Wait Until It’s Too Late.
Are your employees unknowingly sharing highly sensitive information? Are safeguards in place to ensure an employee doesn’t leak confidential data to a hacker? Are you at risk of losing DoD business? When you have proper training and safeguards in place, you can confidently answer these questions and help protect your organization and intellectual property.
Ask how the Michigan Manufacturing Technology Center (The Center) can help. Contact The Center today at 888.414.6682 or email firstname.lastname@example.org to get started.
MEET OUR EXPERT
Elliot Forsyth, Vice President of Business Operations
As a National Institute of Standards and Technology (NIST) affiliate, The Center has developed a state-of-the-art cybersecurity service for companies in the defense, aerospace and automotive industries. Over the past two years, Elliot led this effort and expanded his expertise in cybersecurity, helping Michigan companies safeguard their businesses and maintain regulatory compliance. As a result, Elliot has been quoted and interviewed by print, broadcast and online media outlets, and has presented at numerous conferences and events.
Prior to joining The Center, Elliot spent more than 20 years gaining broad, global business experience in high tech and manufacturing companies. He has a proven track record and practiced methodologies to transform global corporations for high growth and profitability.
Since 1991, the Michigan Manufacturing Technology Center has helped Michigan’s small and medium-sized businesses compete and grow. Through personalized services designed to meet the needs of clients, we develop more effective business leaders, drive product and process innovation, promote company-wide operational excellence and foster creative strategies for business growth and greater profitability. Find us at www.the-center.org.