This article appeared in the February 2020 issue of MiMfg Magazine. Read the full issue and find past issues online.
Cyber security is a technology thing — right? False. While much of cyber security is centered around the use and protection of technology, it most certainly doesn’t fall into the responsibility of the technology department. Leading up to 2020, there has been a big misconception that cyber security should be an area for the IT department to handle.
When a company experiences a cyber-attack, the entire business, and its future, is instantly at risk. Every department, every customer and every line of business is at risk. Business owners need to stop thinking of cyber security as an IT responsibility and start looking at it as a way to protect their business assets. Given the growth in cyber threats and their potential to destroy a business, it is crucial that CEOs embrace a cyber security mindset.
Growing a manufacturing company takes long hours, hard work and dedication. Many manufacturing companies in Michigan have been in business for generations. If you’re not protected, all you’ve worked so hard for could be gone in an instant. That is the threat of simply clicking on the wrong link or opening a malicious e-mail attachment.
Think about that for a minute. If your company does not have cyber security protection or a plan in place, you are at risk for data leaks, malware, phishing attacks via e-mail, and worse yet, ransomware. You might think “but what if I pay for cyber security protection and don’t really need it?” Why run that risk? You wouldn’t run your business without insurance, would you? Then why would you run your business without cyber security protection?
Cyber security goes much deeper than having a firewall and anti-virus protection in place. While these basic security measures are important, they are no longer sufficient for today’s threat landscape. Cyber criminals don’t care what you do or how long you’ve been doing it. Their methods for attacking companies like yours are malicious, designed to confuse individuals, and can easily overcome traditional IT security practices (firewalls and anti-virus).
Your internal IT team already has an enormous amount of responsibility. They are also not trained in advanced cyber security. An effective cyber security program requires 24/7 monitoring and a deeper level of knowledge, planning and expertise for it to be done correctly.
Additionally, because cyber security can impact the entire company, planning for cyber security should be done by top executives. If your employees see that the CEO embraces and supports cyber security, then they will too. Far too often, technology teams will implement new standards and technologies and the employees drag their feet to embrace it. Cyber security is a mindset that requires attention from CEOs and the leadership of senior executives.
ASK is an MMA Premium Member company and has been an MMA member since June 2016. Visit online: justask.net.