5, November 2019
How to Recover from a Cyber Attack
This article is the fifth installment in a five-part series outlining best practices when it comes to “Cybersecurity for Manufacturers.” These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.
In part four of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we covered how to respond quickly to an information security breach with a prepared plan of action. Now we’ll explore effective mechanisms for restoring operations after a cybersecurity incident so you and your employees can get back to business.
Recovering from a cybersecurity incident can be a daunting undertaking, especially if you’ve lost information that’s critical to running your manufacturing facility. But you can limit the damage to your company and your reputation by developing a solid recovery plan in advance.
Make Full Backups of Essential Business Data
Conduct a full, encrypted backup of your data on each computer and mobile device at least once a month, shortly after a complete malware scan. Store these backups at a protected, off-site location. Save your encryption password or key in a secure location separate from where your backups are stored. Many software applications will allow you to encrypt your backups.
With your backups in place, if a computer breaks, an employee makes a mistake, or a malicious program infects your system, you’ll be able to restore your data. Without backups, you’ll have to manually recreate your business information from paper records and employee memory.
It’s essential to back up data such as:
- • Word processing documents and electronic spreadsheets
- • Databases, especially customer relationship management (CRM), financial, human resource (HR), and accounts receivable (AR)/payable (AP) files
- • Product design and manufacturing data associated with or related to CAD/CAE/CAM, process plans, tooling and other inventory information, production scheduling, inspection, maintenance, bid data, work orders, scheduling
- • Other operational technology (OT) data such as machine and process condition monitoring and analysis
- • System logs and other information technology (IT) information
Don’t worry about the software applications; just focus on the data. Store your backups on an external USB hard drive, other removable media, or a separate server. Use caution when selecting a partner if you decide to store your data online and encrypt all data prior to storing it in the cloud.
Hard-drive backups should be large enough to hold all your monthly backups for one year. Create separate folders for each computer so you can copy your data into the appropriate folder on the external drive. After your backups are complete, test them immediately to ensure your efforts were successful.
Make Incremental Backups of Important Business Information
Plan automatic incremental or differential backups at least once a week. Because they will only record information since your last backup, you may need to schedule them daily or once an hour, depending on the needs of your business. Consider how much information was changed or generated between each backup and the impact to your company if that information was lost. Many security software suites offer automated backup functions that will do this on a regular schedule for you.
Check your storage capacity. You should be able to hold data for 52 weekly backups, so the capacity should be about 52 times the amount of data you want to store. Be extra careful to back up the data for every computer and mobile device.
For extra redundancy, store your backups in multiple locations, such as one in the office, one in a safety deposit box across town, and one in the cloud. Remember that incremental testing is just as important as incremental backups to ensure you can read your data and use that information in the event of a security breach.
Consider Cyber Insurance for Increased Recovery Capability
Like flood or fire insurance, you can purchase cyber insurance for your facility. These services can help you recover from an information security incident more quickly and effectively and may cover the cost of:
- • Cybersecurity expertise to assist in identifying the extent of damage caused
- • Consultation to help investigate the incident and report it to the appropriate authorities
- • Loss of revenue due to downtime
- • Legal fees, fines, and penalties incurred
As with any partner, select a cyber insurance provider with care. Do your due diligence by researching the company, the services they provide, the type of events they cover, and their reputation for meeting their contractual agreements.
Assess & Improve Your Procedures & Technologies
Take an honest look at your processes, procedures, and technology solutions and assess what improvements you need to make to reduce your risks. Try conducting training or tabletop exercises. These scenario exercises can simulate a major event, which will allow you to identify potential weaknesses and readiness. Then you can make corrections as needed.
Traci Spencer is the Grant Program Manager for TechSolve, Inc., the southwest regional partner of the Ohio MEP. A member of the MEP National Network Cybersecurity Working Group, she recently completed the management of a two-year program that raised awareness and assisted small and medium-sized companies with the integration of Industry 4.0 technologies including cybersecurity, robotics and automation, additive manufacturing, big data/cloud computing, and modeling and simulation.