Don't think that manufacturing companies aren't prime targets for bad guys!
Cybercrimes in the manufacturing sector are becoming more prevalent because thieves want to get their hands on valuable intellectual property and billing information. Unfortunately, a lot of manufacturers make data way too easy to get.
Why? Because humans are predictable!
- We typically re-use the same passwords across multiple sites. So if LinkedIn gets breached, then the bad guys can quickly use those same passwords to log into Office 365.
- We are curious – and we want to help. If you get an email from a colleague asking to collaborate on a file or to help with a payment, we typically take action without confirming that the request is legitimate.
The bad guys use these tactics to help steal your log in information – which can then be used to siphon money and data out of your company.
Here are 7 simple and free things you can do to help mitigate your risks.
- Set up a wire transfer policy that requires voice confirmation before a wire is executed or approved.
- Set up a custom log in page for Office 365 or Google that helps the employee quickly identify that the page they are logging into is really your company page.
- Review your Admins (in Office 365 they are called Global Admins). If you have any end users that are using their day to day account as a Global Admin, set up a separate account (such as firstname.lastname@example.org) that is used for administrative activities. This can protect your tenant in case the employee’s email gets compromised. (Global Admins don’t have to have licenses assigned, so this is free!)
- While you are at it, set up MFA for your Global Admins. Consider setting it up for all users (recommended!). There are free and paid options.
- Remind your staff, frequently, that security starts with them and they should think twice before clicking that link or authorizing that wire.
- Have your insurance provider review your coverage for cyber security and social engineering fraud coverage.
- Check the dark web to see if your account has been compromised in a data breach.