This article originally appeared on IndustryWeek. Guest blog post by Traci Spencer, Grant Program Manager for TechSolve, Inc., the southwest regional partner of the Ohio MEP, part of the MEP National NetworkTM.
This article is the fourth installment in a five-part series outlining best practices when it comes to “Cybersecurity for Manufacturers.” These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.
In part three of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we shared the mechanisms you can use to detect a cyber attack or an information security breach. Now that you are aware of the right tools to detect a threat, it’s time to plan your response strategy.
Don’t wait for a hacker to strike before developing your incident response plan. For smaller manufacturers, even a small security breach can have an enormous impact on their operations. Taking action immediately will empower you to better contain or reduce the impact of a cyber attack.
When developing your response strategy, consider the immediate actions you and your employees will need to take in case of an incident.
Your response plan should include:
Be aware that many states and countries have notification laws that require businesses to alert customers if there is a chance their information was stolen, disclosed, or otherwise lost. Familiarize yourself with international, state, and local laws regarding notification obligations and include that information in your response plan.
Also include instructions on when to notify appropriate authorities. You should contact your local police to file a report if there is a possibility that any personal information, intellectual property, or other sensitive information was stolen. You may even consider contacting your local FBI office, depending on the magnitude of the information security threat.
Most importantly, you and your employees should know your role in your cybersecurity response plan. Develop procedures for each job role that describe exactly what the employee is expected to do if there is a cybersecurity incident.
When everyone understands their role in your response plan, you can act swiftly and mitigate the potential damage. Once things are under control, you can implement procedures you develop to recover from an attack, a process we’ll outline in the final installment of our series on “Cybersecurity for Manufacturers” from the MEP National Network.
For more advice on cybersecurity best practices for manufacturers, contact the cybersecurity experts at your local MEP Center.