Are You Cyber Secure?

Loss of data because of hardware failure or cyber attacks can be a disaster for small businesses and industrial users who don’t take proactive measures to mitigate the inevitable.

Unfortunately, many businesses are complacent and unprepared.

Two recent events have sparked new interest in what is potentially a costly ordeal. The first is the experience of a friend who operates a successful online business that involves a massive database of photo-heavy blog postings and an equally large collection of training videos. Her main machine crashed recently. All was lost on her main hard drive.

This would have been a disaster for her small business, but she long ago heeded good advice and maintains an off-site backup, using the Backblaze (backblaze.com) system. After she replaced her machine, the Backblaze people sent her an external drive that contained all of her data. She simply connected it, copied the files, and was back up and running. That external drive service cost her $180, which was refunded when she returned the drive. Basically, she followed sound data-security practices and suffered a trivial inconvenience/time loss when inevitable disaster hit.

The other experience is a recent event I attended that was focused on industrial data security and malware cyber attacks. One of the factors that was prevalent, and quite surprising, is that far too many companies fail to set up off-site backup systems. In a couple of the examples, the malware also attacked on-site company backups and some virtual machines.

After the event, I approached one of the panel experts and stated my surprise that data-backup rule number one was not universally followed. He shrugged his shoulders and said that, in fact, it was a rather common failure.

Another vulnerability is malware that finds its way into industrial networks. For an answer to that worry, I headed to Google looking for a list that I could share. I hit the mother lode when I found Industrial Cyber Security for Dummies, a Belden/Tripwire Special Edition. The free ebook, written by David Meltzer and Jeff Lund, is available at info.belden.com/iit/cyber-security-for-dummies.

The publication lists six common attack methods:

• Internet-connected industrial-control system devices
• remote access using stolen or misused credentials
• external business-web interface vulnerabilities
• infected USB and other connected media (according to experts in addition to the authors, this is a more common attack point than most realize)
• phishing and spear-phishing email
• weak and unauthenticated communication protocols.

If your company has limited IT resources and/or you know you’ve been less than vigilant about cybersecurity, you might start improving things by downloading the Dummies book and at least get a beginner’s view of where you stand. If you just skimmed my ramblings because you have every confidence that your company has things buttoned down, I suggest you stop and call a meeting. The victims discussed in the event I attended were large, multi-site companies that had active IT departments and every confidence their systems were secure. EP

gparr@efficientplantmag.com