Getty
Getty image / cyber attack

6 Ways to Protect Your Machine Shop’s Data

May 6, 2019
Data exchange and connected systems bring multiple advantages, but they expose manufacturers to data theft and other risks. Learn to protect your business’s vital information.

Production and process data are essential to your machine shop’s activities, especially considering the rise of the Industrial Internet of Things (IIoT). Modern manufacturing machines are connected to the Internet and transfer valuable data across the company's network. While these technologies provide numerous benefits, they also expose businesses like yours to cybersecurity risks. Additionally, manufacturing businesses have design data and other vital information to protect. Here are six ways to protect your machining company's data.

1. Create a holistic security plan — Creating a security plan that takes a holistic view of your organization and involves everyone within the company is a crucial step toward protecting your company's data. Such a plan will be the foundation of everything you do to keep your information safe.

It's also essential to establish written policies related to data protection. These written rules should clearly define the roles and responsibilities of people across the organization, as well as contractors, suppliers, consultants and other third parties.

Senior organizational leaders should take ownership of the protection plan, but it's important that everyone feels invested in its success. Clearly defining roles and keeping employees informed with regular updates can help with this.

The organization should monitor the program and regularly audit it to ensure policies are being followed and to determine what aspects of the plan need improvement. Through this process, you can continuously improve your data protection program.

2. Use a VLAN for sensitive machines — Using a virtual local area network (VLAN), an isolated network managed with a switch, can help to protect sensitive machines. Setting this switch within the network software enables you to choose which connected devices can communicate. Access to that network is limited and the equipment on the VLAN is separated from the main system. Because you operate the switch in your network software, you don't have to change any physical cabling to reconfigure the VLAN.

This will prevent access to the programmable logic controllers, or PLCs, that run many machine tool subsystems. These PLCs could be used to disable a machine or cause it to malfunction, so protecting them is important.

3. Use strong password practices — When you first receive routers, switches and other network equipment, the network vendor typically will provide default passwords to make set-up easier. You should change these default passwords after setting up your equipment, because they can be easy for hackers to guess. If someone figures out your network password, they can change your computers' settings and inflict significant damage.

Make sure you choose a strong password. Avoid common words or phrases, such as the name of the company, its location or the owner's name. The most secure passwords consist of strings of at least eight random letters, numbers or symbols. You can use a random password generator to create one.

It's also important that employees use strong passwords for any individual accounts. They also should change their passwords periodically, or at any time a security incident occurs. Employees should use different passwords for every account.

You might also consider using two-factor authentification, which offers another layer of security. This approach means an employee needs to verify his or her identity in two ways before being granted access to a system. They might, for example, insert a USB stick with a special security token in addition to entering their password.

4. Keep all computers up-to-date — A basic but crucial security practice is to keep all equipment on the network up-to-date. It's vital that you update the operating systems regularly, as well as all security software and other software used on your PCs. This includes computers used for engineering, programming and management, as well as those used as part of control systems.

Create a schedule for updating your PCs and servers so you can ensure they receive regular updates. Software providers typically provide these regularly to fix bugs or add new capabilities and features. Some of these upgrades might include improved security measures, so take some time to determine if they are needed.

You may have some machine controls with PC front-ends that use older versions of operating systems that no longer receive updates. If this is the case, consider upgrading your equipment or take steps to isolate this network from the main one.

5. Purchase a hardware firewall — Purchasing a firewall and keeping it updated is crucial for keeping your machining company secure. Firewalls control the flow of data to a network or device by inspecting it and then blocking it if it poses a potential threat. Firewalls operate according to a set of rules designed to protect against hacking and other threats. If the firewall identifies a data packet as a threat, it will block it.

Hardware firewalls can protect the entire network, whereas computers run their own software firewalls to protect each machine. You only need one hardware firewall per system, and these are relatively inexpensive. You will install your firewall in front of switches that are connected to the public internet.

It's also crucial that your firewall should be configured to receive security updates each day through an online service. These services maintain databases of things like harmful IP addresses and suspicious email addresses.

6. Don't forget about physical security — As connected devices become more prominent in machining, the focus of security is shifting to cybersecurity. However, it's also important not to overlook physical security. If someone who intends to steal data can get into your facility, their job will be much easier.

Ensure you always keep doors locked, and consider installing a security system that includes cameras and alarms. Don't forget that windows, loading docks, roof hatches and delivery bays can act as a point of entry for a determined intruder. Require employees to use a key card or code to gain access to the building or certain protected areas and encourage workers to report any suspicious activity.

As data becomes a more integral part of how machine shops and manufacturers operate, these businesses need to take steps to protect it. Following these six tips can help.
Kayla Matthews writes about the IoT, IIoT, automation and smart technologies for publications like InformationWeek, Manufacturing.net, Robotiq others. To read more from Kayla, follow her personal tech blog, Productivity Bytes.

About the Author

Kayla Matthews | Freelance Journalist

Kayla Matthews writes about the IoT, IIoT, automation and smart technologies at her personal tech blog, Productivity Bytes, and for publications including InformationWeek, Manufacturing.net, Robotiq, and others.

Latest from Enterprise Data