How Small Businesses Can Strengthen Cybersecurity
Cybersecurity. It is one of the most critical risks to any business today.
Cybersecurity risk does not have an ROI (Return on Investment) in the typical sense; it is more like an ROR (Return on Risk). It includes things like safety, licensing, insurance and every other critical task that businesses must perform to be successful.
On October 4th, 2022, Protomatic was asked to explain our “Cyber Journey” to a gathering of Michigan businesses at the Michigan Manufacturing Technology Center (https://www.the-center.org/). MMTC is a partially Federal- and State-funded training center aimed at helping businesses improve and maintain a competitive edge.
With this perspective, Protomatic talked about one of the cybersecurity specifications that can be applied to most businesses: NIST SP 800-171 (free download at https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final). At Protomatic, this standard has significantly helped define our cyber structure and create a much stronger cyber environment.
The presentation was given by Protomatic VP/General Manager Doug Wetzel, and covered some of the more difficult problems that small businesses must address, such as:
- Legacy Computers – Older stand-alone PCs are one of the prime cyber weaknesses in small business. They are still running old, outdated operating systems, like Windows XP, Vista, and Windows 7. Upgrading or replacing them, or creating safeguards using other techniques, is critical.
- Media Protection – How to control and encrypt portable media like flash drives. These problems can be resolved in several ways, such as disabling USB ports or using encrypted USB flash drives.
- DLP – The use of Data Loss Prevention Programs (DLP) and how to implement strategies to prevent data loss.
- Training – Cyber mistakes happen. Training is critical. By category, most mistakes and exposures originate from employees. It is important to train and test often.
- Backups – RAID servers, and possibly mirrored servers, are preferred. Local and encrypted remote backups are critical. Make sure your remote backups are safe with a rated and certified backup system.
- SIEM – This is a special appliance called “Security Information and Event Management” that connects to the Local Area Network. It catalogs all devices and software on the network; conducts penetration tests looking for weak parts of the network; monitors all cyber events and reports alerts via e-mail or dashboard; tracks trends and activities; creates compliance with a System Security Plan (SSP); and helps develop a POAM (Plan of Action and Milestones).
- Manage IT Infrastructure – Most C-suite managers do not understand cyber environments. Educating the direct managers is important, so that future changes do not create future weaknesses.
These are just some of the topics we discussed to help other companies learn from our successes and failures regarding cyber infrastructure. Our interest is to make all businesses strong on the cyber front, because strong suppliers and customers will make all of us successful in the long run. The Cyber Journey for all businesses is long and constantly improving.
Staying up to date on all aspects of cybersecurity and applying it throughout our operations is another way we show our commitment to Life-Saving Precision in every component we design and manufacture.
About the author: Doug Wetzel is Vice President and General Manager of Protomatic. Protomatic is a CNC precision machining shop specializing in prototype and short-run production components for the medical, aerospace and other technical industries. Because of the critical nature of the parts they design and manufacture, the emphasis is always on Life-Saving Precision.