Let’s start answering that question by asking a few more:
- Do you assume that because your in-house IT expert set up a firewall, you are safe?
- Do you “know” you are safe because you use a service provider to source and maintain your IT assets?
- If you wanted to verify that you have sufficient baseline cybersecurity in place, how would you go about it?
The hard truth for the leaders of manufacturing organizations-especially those that serve the DoD is this: You might be safe, and you might not.
The risk is in not knowing what you don’t know. I’m not suggesting you should become a technology expert on top of what you already do-not at all. I am suggesting that your digital operations should get strategy-level attention, as in a well-thought-out business continuity or disaster recovery plan that includes protecting your sensitive data
If you and I were meeting in your office right now, I’d be asking you these two questions:
- Where and how often is your company data backed up?
- How would the company access and deploy the backed-up data if you needed it right now?
How would you answer them?
Not long ago, I asked them to a new client-a good-sized manufacturer. The leaders in the room weren’t sure, so I excused myself from the meeting, called my office, and had one of our tech team meet me with an external hard drive. We downloaded what we needed to download, and the client at least had a moment-in-time backup.
Pausing the meeting sounds like theatrics, but I assure you it was not. In fact, if you answered “no” or “I don’t know,” I suggest you stop reading this right now and find out. It’s that important.
Why? Because the future is uncertain, and accidents happen.
A while back I got a call at six a.m., which almost always means trouble in my world. The client said it was the strangest thing, but there was a lock on all of their files, and they couldn’t open any of them. In those days, ransomware was a new threat and the anti-virus tools were in catch-up mode. We quickly determined that it was an actual data breach, and their data was being held hostage for X amount of dollars-this was before cryptocurrency. We’d automated nightly back-ups for them long before the cyber attack, so within 15 minutes or so we were able to get them back online and running with minimal interruption.
True, you might never be the victim of a cyber attack. But unfortunately, hackers are not the only threat to your data or your business. How about something like this: your operations grind to a halt for hours and hours because a server with all the critical data tied to it crashed. With a good backup, several hours of downtime can become a few minutes. Also, your offices and manufacturing facilities are just as vulnerable to fire, flood, or misadventure as any structure. Sure, you carry insurance for property damage, but data loss is a whole different animal, yours and your customer’s.
A backup of your data can be the difference between survival and bankruptcy, so it’s a plenty good reason to stop a meeting.
Next, you have to ensure the key people in your organization know how to access the backup. If you are the only person who knows where the backup is or how to contact your IT service provider, then God forbid you have a health emergency or a debilitating accident. If that key IT resource is not you, but an employee, what happens if that person disappears?
Also, make sure that your back-ups are run and tested regularly. Verification doesn’t require much effort: Just access a document or two. If they open properly, you’re likely good to go.
Last, document your backup information, and communicate it to the key people in your organization so they can act in an emergency.
Again, you might operate for another 50 years and never be the victim of a cyberattack or an accident. In fact, I hope that’s the case, but hope is not an adequate business continuity strategy or a method for cyber risk management.
If you want to know more about protecting your business with appropriate backup protocols and other baseline cybersecurity steps, schedule a no-obligation call with us. In 30 minutes or less, you’ll have a clearer sense of your present cyber risk landscape and our thoughts on how to quickly and cost-effectively mitigate those risks.