Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

See Yourself in Cyber

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
Credit: iStock/EL

Your company is too small to be targeted for a cyberattack, right? That’s what Cincinnati Crane and Hoist (CCH) thought too. Like many small and medium-sized manufacturers (SMMs), it was busy with other things in its business and didn’t see itself as worthy of a cybercriminal’s time. The company thought it was too small to attract that kind of attention.

Wrong. CCH learned the hard way – it suffered a cyberattack that forced it to lay off employees. Between its customers and suppliers, this single breach affected at least 100 other companies. When the spear phishing attack happened, CCH President and CEO Tony Strobl said he and his leadership team really didn’t know what to do.

Fortunately, they already had a great relationship with their local MEP Center, TechSolve (part of Ohio MEP). “Hackers send you an email. They make you believe that it is real,” according to Traci Spencer, TechSolve grant program manager. TechSolve helped CCH survive the cyberattack and move forward. Liz McCallum, CCH director of sales and marketing said, “We really feel like we’ve learned a lot from this experience, and if anyone can learn from our mistakes … businesses should educate themselves, hire a cybersecurity expert, encrypt their data, and make longer passwords.”

Cybersecurity Awareness Month – See Yourself in Cyber

October is Cybersecurity Awareness Month and it’s a great time to reevaluate your company’s cybersecurity efforts. This year’s campaign theme – “See Yourself in Cyber” – demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. One click on the wrong email can let a hacker into your company’s systems and wreak havoc on your business and beyond.

Here are some key actions that everyone should take for Cybersecurity Awareness Month and practice throughout the year:

Four Things You Can Do

  • Think before you click: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
  • Update your software: Don’t delay – if you see a software update notification, act promptly. Better yet, turn on automatic updates.
  • Use strong passwords: Use passwords that are long, unique and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords, securing them for you.
  • Enable multifactor authentication: You need more than a password to protect your online accounts, and enabling multifactor authentication makes you significantly less likely to get hacked.

Cybersecurity for Smaller Firms

SMMs are often less prepared for a cyberattack than larger companies. Their information may not be well protected, their employees not aware of potential risks. Vulnerabilities increase and cyberattacks become more costly as manufacturers adopt new technologies.

The good news is that SMMs often have less complex operational needs than larger firms and may be able to quickly take basic measures to defend their information and systems. Start with the Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers for easy steps to quickly and cost effectively address cybersecurity risk. This guide is based on the Cybersecurity Framework and generally accepted cyber hygiene best practices. It is broken down into five steps: identify, protect, detect, respond and recover. It also has some basic practices you and your employees can take immediately to protect your data.

Taking steps now will protect your business and make you more attractive to potential customers. Don’t wait until it’s too late! The sooner you start managing these risks, the better able your company will be to adapt and comply with customer or industry requirements and respond if an incident does happen. Beyond your bottom line, cybersecurity strengthens supply chains. It’s vital to the U.S. economy and national security that every company takes cybersecurity seriously.

Your Local MEP Center Can Help You

CCH’s Tony Strobl said, “Find an MEP, find somebody with the expertise that can help you firm up your defenses in cybersecurity. This is no longer something you can opt to do. This is a part of doing business today.” The MEP National NetworkTM offers a range of cybersecurity resources for manufacturers, and the experts at MEP Centers in each state and Puerto Rico can help with cybersecurity – and any other challenges your company faces. As TechSolve’s Traci Spencer put it, “We were so glad that Tony called us because that is exactly what we want our manufacturers to feel like. No matter what the issue is, give us a call and let us be part of that solution.”

About the author

Katie Rapp

Katie Rapp is a writer/editor for NIST's Manufacturing Extension Partnership where she helps NIST MEP staff use plain language so their readers can understand what they write the first time they read it. Before that, she was a librarian at the NIST Research Library where she learned and wrote about many cool NIST history stories.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.