Securing sensitive manufacturing data
There was a time when securing sensitive information was as simple as putting a lock on a filing cabinet. But with the rapid development of the Industrial Internet of Things (IIoT) and cloud computing technologies, industrial data protection has become much more complex.
Neil Ballinger shares three simple steps to help protect manufacturing data.
Sensitive manufacturing data includes, among others, product cost information, customer data, intellectual property rights, operations information and marketing strategy. If this information ends up in the wrong hands, it can damage the company’s reputation and lead to significant losses in revenues.
In today’s connected world, protecting sensitive information from leakage and theft isn’t as easy as putting a lock on a filing cabinet. The security software industry works reactively to respond to new threats, which means that hackers are always one step ahead of even the most advanced security strategy. So, what can manufacturers do to minimise the risk of data breaches?
Classifying data in a consistent and coherent way is the first step to keeping it safe, so it’s important that companies develop a comprehensive data classification policy.
Data should be categorised according to its sensitivity, with a minimum of three levels of categorisation — restricted, confidential and public. The company’s data classification policy will specify how each category should be handled. For example, if the company’s policy says that customer data is restricted, then it should be encrypted both in transit across the network and at rest.
Once this policy has been implemented, it’s important to plan technical controls to make sure that it is adhered to by everyone.
Standards for data security should be equally strict for everyone in the company. In many businesses, managers have more freedom than the rest of the employees in how they handle sensitive data. For example, they might often use their own devices for corporate projects and operate outside of the company’s firewall.
This is a big mistake, because executive-level managers, particularly the CEO, are usually the ones that hold the most sensitive information. As a result, they are cybercriminals’ favourite targets.
When it comes to sensitive data, managers should be subjected to the same security guidelines that are enforced across the rest of the company. Ideally, managers should be even more careful than other employees, because the information they hold, if leaked, could have catastrophic financial and legal consequences.
Understand the cloud
As businesses increasingly turn to cloud storage solutions and sharing platforms to host sensitive information, data leakage becomes a concern. Storing data in the cloud isn’t necessarily less safe than storing it locally, but it’s important that manufacturers realise that once data is uploaded, they have little or no control over it.
In the metaphor of the filing cabinet, storing data in the cloud would be like sharing the cabinet’s keys with someone else — it’s not necessarily unsafe, but you should know how that person will use them.
Encrypt sensitive data before uploading it to the cloud and make sure you understand the cloud provider’s policies in terms of data security. Once you have a clear overview of the data protection regulations in place, try to compensate for any security gaps. For example, you can add content controls, as well as tracking and deep analytics to files.
Hackers will always come up with new ways of accessing your data, but implementing these simple guidelines will add an extra layer of protection to sensitive information.
*Neil Ballinger is head of EMEA at automation parts supplier EU Automation