5 Things to Consider When Hiring an Outside Cybersecurity Provider

By Genevieve Bookwalter for MxD

Manufacturing companies with machinery and networks connected to the internet are a top target for hackers and cybercriminals. 

As such, the U.S. Department of Defense will soon require its manufacturing contractors and suppliers to boost their cybersecurity by meeting standards laid out in the CMMC 2.0 program, which should provide cyber protection for companies that receive, store, manage, or communicate Controlled Unclassified Information (CUI). The deadline to meet these rules is expected in 2024.

But many small to medium-size manufacturing companies are lagging behind on this implementation. With no tech support on staff, some are looking to outsource the work to third-party cybersecurity experts – whether an individual, contractor, or other organization. 

Here are five things to consider when hiring an outside provider to handle your company’s cybersecurity.

1. Before hiring a cybersecurity expert, consider how much of the work you want to do in-house and how much you want to outsource. 

Can a third party install cybersecurity measures and then hand over the dashboard to your company to monitor? Or do you need ongoing support from an outside security operations center to identify and respond to threats? This answer will help you decide how much outside help you should hire.

One way to look at this question is to compare it to the security in your home. Some might feel they only need a lock on the door. Others want doorbell cameras accessible through their phones. Still others want motion detectors or sensors that alert outside security. Smoke detectors raise similar questions: Should your home smoke detector simply shriek with ear-piercing beeps if it senses a fire, or should it also alert the fire department? 

Similar considerations apply to your business. Should a cybersecurity alert simply notify you, or should it call in help from outside your company? This is a decision you should make based on the resources you have, how much security you need, and how much you want to spend on in-house security versus outside services. If someone on staff is knowledgeable and has the time, they may be an appropriate resource to monitor the cybersecurity measures. If not, it might be better to hand it over to an outside expert.

2. Identify all of the unique assets in your organization to help you find a cybersecurity company that can best protect them. 

What do you have in your manufacturing plant? Where does the information from your plant go? What do you have that needs better security – software, data, equipment, intellectual property, or other sensitive data stored in file services? These are essential items to inventory when researching cybersecurity firms. This way you can ensure that the firm you hire will monitor your specific assets and address the concerns specific to your organization and industry.

3. Which critical systems and information does your business store? 

Do you have computer hard drives, email, or cloud-based information that is critical to your manufacturing plant? Ask the firms you talk to what they will do to maintain the confidentiality, availability, and integrity of these sources and this information. These should be the three most important goals of any third-party cybersecurity company.

4. What else could a cybersecurity firm provide that would help your company?

Could you benefit from a firm with a 24/7 help desk? Should this firm be able to assist with incident response, for example if an employee clicks on a ransomware link and you need help remediating the cyber threat and its consequences?

How soon do you need this response? Does the firm provide cybersecurity training or training resources for your employees? Can it help you craft cybersecurity policies and procedures to protect your business? Make sure to ask about these benefits when researching a cybersecurity provider.

5. Get multiple quotes. 

Many cybersecurity companies provide protection for small and medium-sized businesses. If you can clearly state your goals and needs, companies can provide you with the most accurate and comparable quotes for your unique business. And always make sure your cybersecurity firm is based in the United States.

Finally, consult the MxD Cyber Marketplace, which provides cybersecurity assessments to manufacturers of all sizes. Cybersecurity assessments are presented in an easy-to-understand format, and participants get prioritized recommendations on the tools, services, and policies they should implement to close security gaps. Users also can get quotes from leading tool and service providers.