Your company is too small to be targeted for a cyberattack, right? That’s what Cincinnati Crane and Hoist (CCH) thought too. Like many small and medium-sized manufacturers (SMMs), it was busy with other things in its business and didn’t see itself as worthy of a cybercriminal’s time. The company thought it was too small to attract that kind of attention.
Wrong. CCH learned the hard way – it suffered a cyberattack that forced it to lay off employees. Between its customers and suppliers, this single breach affected at least 100 other companies. When the spear phishing attack happened, CCH President and CEO Tony Strobl said he and his leadership team really didn’t know what to do.
Fortunately, they already had a great relationship with their local MEP Center, TechSolve (part of Ohio MEP). “Hackers send you an email. They make you believe that it is real,” according to Traci Spencer, TechSolve grant program manager. TechSolve helped CCH survive the cyberattack and move forward. Liz McCallum, CCH director of sales and marketing said, “We really feel like we’ve learned a lot from this experience, and if anyone can learn from our mistakes … businesses should educate themselves, hire a cybersecurity expert, encrypt their data, and make longer passwords.”
October is Cybersecurity Awareness Month and it’s a great time to reevaluate your company’s cybersecurity efforts. This year’s campaign theme – “See Yourself in Cyber” – demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. One click on the wrong email can let a hacker into your company’s systems and wreak havoc on your business and beyond.
Here are some key actions that everyone should take for Cybersecurity Awareness Month and practice throughout the year:
SMMs are often less prepared for a cyberattack than larger companies. Their information may not be well protected, their employees not aware of potential risks. Vulnerabilities increase and cyberattacks become more costly as manufacturers adopt new technologies.
The good news is that SMMs often have less complex operational needs than larger firms and may be able to quickly take basic measures to defend their information and systems. Start with the Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers for easy steps to quickly and cost effectively address cybersecurity risk. This guide is based on the Cybersecurity Framework and generally accepted cyber hygiene best practices. It is broken down into five steps: identify, protect, detect, respond and recover. It also has some basic practices you and your employees can take immediately to protect your data.
Taking steps now will protect your business and make you more attractive to potential customers. Don’t wait until it’s too late! The sooner you start managing these risks, the better able your company will be to adapt and comply with customer or industry requirements and respond if an incident does happen. Beyond your bottom line, cybersecurity strengthens supply chains. It’s vital to the U.S. economy and national security that every company takes cybersecurity seriously.
CCH’s Tony Strobl said, “Find an MEP, find somebody with the expertise that can help you firm up your defenses in cybersecurity. This is no longer something you can opt to do. This is a part of doing business today.” The MEP National NetworkTM offers a range of cybersecurity resources for manufacturers, and the experts at MEP Centers in each state and Puerto Rico can help with cybersecurity – and any other challenges your company faces. As TechSolve’s Traci Spencer put it, “We were so glad that Tony called us because that is exactly what we want our manufacturers to feel like. No matter what the issue is, give us a call and let us be part of that solution.”