Data processing has become an integral part of every business, regardless of the industry in which they operate. While the electrical and electronics manufacturing sector does not collect consumer data on a large scale, it generates and acquires other types of highly sensitive data such as source code, patents, designs, and proprietary information.
Electronic and electrical manufacturers are often part of the supply chain of larger organizations and need to sign non-disclosure agreements (NDAs) that guarantee data confidentiality and, for certain industries, even submit to information security assessments if they wish to secure a contract.
This is the case, for example, within the German automotive industry. Original equipment manufacturers (OEMs), but also partners and companies part of the automotive supply chain, whether they are based in Germany or not, must submit to a Trusted Information Security Assessment Exchange (TISAX) assessment to prove the company has an adequate level of information security in place.
In the United States, the approximately 300,000 companies that do business within the Defense Industrial Base (DIB) supply chain need to obtain a Cybersecurity Maturity Model Certification (CMMC) to be allowed to bid on, win or participate in a Department of Defense contract.
As such, data breaches can be disastrous for electrical and electronics manufacturers. They can severely impact customer, market, and partner trust and damage organizations’ chances of winning new contracts. If their intellectual property (IP) is stolen, companies can lose their competitive advantage and suffer a severe blow to their bottom line. According to IBM and the Ponemon Institute’s 2021 Cost of a Data Breach Report, manufacturing companies, included in their industrial category, have an average data breach cost of $4.24 million/data breach. Data Security Best Practices for Electrical and Electronics Manufacturing.
To avoid incurring the high costs, both financial and reputational, associated with data breaches, electrical and electronic manufacturers need to follow best practices to ensure continued data security. Here are our top recommendations.
Protect sensitive data from insider threats
Most data protection strategies focus on preventing cyberattacks orchestrated by outsiders and fail to recognize that a company’s biggest security weakness often is its own employees. Through phishing and social engineering attacks, they can be the entry point for cybercriminals into a company network. In manufacturing, in particular, malicious insiders looking to sell confidential information or take intellectual property with them when they leave the company represent a high risk.
The most prevalent type of insider threat, however, is negligence. By cutting corners to resolve issues quicker, employees can adopt the use of unverified collaboration tools, transfer files via the insecure cloud and file-sharing services or leave files exposed in vulnerable locations.
Manufacturers can use Data Loss Prevention (DLP) solutions with content discovery capabilities to identify, monitor, and control sensitive data, whether it is stored locally on employee computers or when it is being transferred. Companies can define what sensitive data means in the context of their own business; they can also choose predefined profiles for personally identifiable information (PII) and intellectual property such as patents, blueprints, and source code. With contextual scanning and content inspection, DLP tools can search for sensitive data in hundreds of file types, logging, reporting, and blocking its transfer.
Address sensitive data stored locally
Employees can forget to erase sensitive files from their records once they complete a task. They can also accidentally or intentionally gain access to sensitive data without the company’s knowledge. This can lead to problems, especially in the case of confidential information protected under customer or partner NDAs. To meet their legal obligations, manufacturers must have a way of ensuring that sensitive data is not vulnerable or accessed by unauthorized parties.
Organizations can use DLP solutions to search all company computers for files containing sensitive information. When they are found in unauthorized locations, manufacturers can take remediation actions and automatically delete or encrypt files containing sensitive data directly from the DLP dashboard.
Control removable devices
Employees regularly connect removable devices to work computers to complete their tasks, to share information, or to take data with them when they work remotely or travel for business off-site. While very useful, removable devices threaten data security as organizations cannot control how the data stored on them is secured or used. Due to their size, they are also easy to lose or steal.
Manufacturers can use DLP solutions such as Endpoint Protector that come with device control features to address this risk. Through them, companies can block the use of USB and peripheral ports as well as Bluetooth connections or limit their use to approved devices. In this way, companies can monitor which employee has attempted to copy sensitive files onto removable devices and which device was used.
Granular policies can also allow for different permissions depending on the user, group, or department. Someone who works with sensitive data every day, for example, may be barred from using removable devices at all times, while someone who needs to share big files regularly may be allowed to use secure company-issued devices.