Home / Human Error: A Growing Cybersecurity Risk for Metalworkers

Human Error: A Growing Cybersecurity Risk for Metalworkers

How improved internal security practices and a focus on human error can help protect your business from cyberattacks.

Posted: October 20, 2022

Improve your business’s safety culture by setting high standards for how devices are used, managed, and monitored — and train your team to abide by those standards.
If you haven’t reviewed your IT equipment protocols recently, examine the physical security of your technology.
If you haven’t reviewed your IT equipment protocols recently, examine the physical security of your technology.

Since the onset of the pandemic, businesses across all industries have seen a significant increase in cyberattacks. In fact, a recent survey conducted by the Manufacturing Leadership Council found that, as of 2022, nearly 50% of surveyed manufacturers have been a victim or target of cyberattacks.

Most operations understand the implications of cyberattacks—and your IT department has likely put some safeguards in place. Regardless, attacks still happen. As an underwriter, I help evaluate risks, and I’ve found that the most significant vulnerabilities among manufacturers are often caused by individuals within — or with close relationships to — the organizations themselves. A recent study from IBM found that 95% of cybersecurity breaches can be traced back to human error.

Without greater awareness of their actions by employees, they may not follow best practices that could prevent physical or digital access to a device or account. One mistake could lead to a hacker finding their way into your network, encrypting your systems, and either halting production or demanding a ransom.

Phishing attempts and malicious software might be in the news, but don’t overlook unauthorized physical access to your devices. To help reduce such vulnerabilities, listed below are recommendations to help your team stay vigilant about protecting your metalworking operations from cyberattacks.

Keep a Close Eye on Equipment — and Who’s Using It

If you’re a small- to medium-sized manufacturer, you likely trust your employees with your business information and technology. However, many scenarios could lead to the unauthorized use of your equipment, including:

  • Open office doors and manufacturing bays
  • Devices that aren’t properly stored or locked away
  • Unsupervised visitors, including cleaning crews or maintenance personnel
  • Identity theft and fraudulent impersonation

Most breaches caused by human error can be avoided through common-sense security measures, such as:

  • Not letting third-party individuals (e.g. cleaners, network repair personnel) work on or near systems unsupervised
  • Locking laptops and other mobile devices when not in use
  • Enabling the session lock feature on operating systems to lock screens after several minutes of inactivity
  • Using privacy screens or positioning computer displays so information isn’t visible to people passing by
  • Properly disposing of old technology by electronically wiping any data-containing devices and physically destroying them
  • Requiring individual user accounts for each employee
  • Removing administrative privileges from employee accounts (unless they’re essential) to help prevent the installation of unauthorized software

If you haven’t reviewed your IT equipment protocols recently, examine the physical security of your technology. Identify which areas leave you most vulnerable and implement new practices to help protect your business.

Create a Reliable Team

According to guidance from MEP National Network and the National Institute of Standards and Technology (NIST), employees and third-party personnel are primary sources of security incidents. Because they’ve been given access to important business information and systems, they can easily cause harm — deliberately or unintentionally.

Conducting comprehensive background checks and cybersecurity training can make a significant difference in your efforts to minimize the risk of a breach. Before hiring a new employee:

  • Perform a complete, nationwide criminal background check and, if possible, a credit check on all prospective employees — especially if they’ll handle business funds.
  • Contact prospective employees’ professional references to verify the dates they worked for a company and other specifics to help ensure their honesty.
  • Call the schools they attended and verify their attendance and graduation. This is particularly important if their role has specific education requirements.

Comprehensive training can help mitigate the risk of human error. Train employees immediately after they’re hired — and at least annually after that so they understand IT security policies and their responsibility to protect your business’s information and technology.

Employee training should cover:  

  • How to recognize and react to phishing scams.
  • What they can and cannot use business devices for (e.g. checking personal email).
  • How to properly manage and store customer or business information.
  • What to do in case of an emergency or security incident.
  • Basic practices surrounding equipment — including physical storage and security.

Everyday conversations, meetings, or company newsletters can reinforce your team’s understanding of cybersecurity. Revise your technology policies and procedures annually — and when you make operational changes or introduce new devices.

Protecting your operation from cyberattacks starts from the inside out. Improve your business’s safety culture by setting high standards for how devices are used, managed, and monitored — and train your team to abide by those standards. Doing so can leave you less vulnerable to data breaches and costly downtime, so your business can operate seamlessly in a world of rapidly changing technology.

These recommendations are just a start. Be sure to talk with your insurer or a local cybersecurity expert to discuss in greater detail how to best protect your business.

www.sentry.com

Subscribe to learn the latest in manufacturing.

Subscribe to learn the latest in manufacturing.

Calendar & Events
Southeast Design – 2-Part Show
September 11 - 12, 2013
Greenville, SC
Mid-Atlantic Design – 2-Part Show
September 25 - 26, 2013
Phoenixville, PA
CMTS of Canada
September 30 - October 3, 2013
Mississauga, Canada
Wisconsin Manufacturing and Technology Show
October 8 - 10, 2013
Wisconsin State Fair Park Exposition Center Halls B&C
DISCOVER 2013
October 8 - 16, 2013
Florence, KY
WESTEC 2013
October 15 - 17, 2013
Los Angeles, CA
SOUTH-TEC
October 29 - 31, 2013
Greenville, SC
New England Design-2-Part Show
October 30 - 31, 2013
Marlborough, MA
DMG / Mori Seiki Manufacturing Days
November 12 - 15, 2013
Mori Seiki Manufacturing – Davis, CA
FABTECH
November 18 - 21, 2013
McCormick Place – Chicago, IL
Midwest Design-2-Part Show
November 20 - 21, 2013
Northern Kentucky Convention Center – Covington, KY
PCD Tool Manufacturing
November 20, 2013
United Grinding North America – Fredricksburg, VA