Articles
There’s been plenty of talk about cybersecurity recently. Do engineering firms need to worry about it?
It depends on your line of business. Cybersecurity is about protecting your data, so if you deal direct with customers you will need to be meeting personal data protection legislation. If you are B2B, there will be additional concerns over commercially sensitive information.
But we’re only a small firm...
Being small doesn’t hide you from the hackers. Although it’s the large companies and organisations that hit the headlines – TalkTalk, Sony, eBay – anti-virus firm Sophos says around 30,000 websites a day are compromised, and most of these will be small firms. The average cost of a cybersecurity breach is up to £115,000, says the government – a lot of money to a small business.
What can we do?
Most advice focuses on taking simple steps that will keep your IT department busy, such as ensuring software is up to date and using tools that protect against threats. But there is growing recognition that managers further up the chain need to be aware of the issues, understand the data and its flow around your organisation and examine the potential risks.
I know what a firewall and anti-virus software are – surely that’s enough?
No. The gate and drawbridge model of IT security is at least a decade out of date now. Thanks to mobile devices and multiple connections to customers and suppliers, security breaches are inevitable. Cybersecurity experts now talk in terms of micro-segmentation – cryptographically protecting essential data separate from the rest.
Is there anything else to worry about?
The biggest threat comes from inside. All it takes is one employee to click on one dodgy email attachment to compromise, either wittingly or unwittingly. So you could just leave all the computers switched off.
Knowledge: Read up on cyber attacks
The recent high-profile case of a cyber attack on the website of telecoms group TalkTalk reinforces the need for firms to protect themselves adequately from malicious harm. A new book, The Power of Resilience: How the Best Companies Manage the Unexpected, by Yossi Sheffi, professor of engineering systems at MIT in the US, couldn’t be more timely. PE recommends it as a vital read for establishing a first line of defence against cyber interference.