Managing sensitive data has become an integral part of every business, regardless of industry. While the manufacturing sector does not collect consumer data on a large scale, it generates and acquires other types of highly sensitive data such as source code, patents, designs, and proprietary information.
Manufacturers are often also part of the supply chain of larger organizations and need to sign non-disclosure agreements (NDAs) that guarantee data confidentiality and, for certain industries, even submit to information security assessments.
This is the case, for example, within the German automotive industry. Original equipment manufacturers (OEMs), as well as partners and companies that are part of the automotive supply chain, whether they are based in Germany or not, must submit to a Trusted Information Security Assessment Exchange (TISAX) assessment to prove the company has an adequate level of information security in place.
Likewise, in the United States, thousands of manufacturing contractors must manage data in accordance with the requirements set out in NIST SP 800-171, Revision 2 and NIST SP 800-53, Revision 5.
Such regulations are in place because data breaches can be disastrous for manufacturers. They can severely impact customer, market, and partner trust, and damage organizations’ chances of winning new contracts. If their intellectual property (IP) is stolen, companies can lose their competitive advantage and suffer a severe blow to their bottom line. According to IBM and the Ponemon Institute’s 2022 Cost of a Data Breach Report, manufacturing companies, included in their industrial category, have an average data breach cost of $4.47 million per incident.
To avoid incurring the high costs, both financial and reputational, associated with data breaches, manufacturers need to follow best practices to ensure continued data security. Here are our top recommendations.
Protect sensitive data from insider threats
Most data protection strategies focus on preventing cyberattacks orchestrated by outsiders and fail to recognize that a company’s biggest security weakness is often its own employees. Through phishing and social engineering attacks, employees can become the entry point for cybercriminals into a company network. In manufacturing in particular, malicious insiders looking to sell confidential information or take intellectual property with them when they leave the company represent a high risk.
The most prevalent type of insider threat, however, is negligence. By cutting corners to resolve issues more quickly, employees may adopt unverified collaboration tools, transfer files via insecure cloud and file-sharing services, or simply leave files exposed in vulnerable locations.
Manufacturers can use DLP software with content discovery capabilities to identify, monitor, and control sensitive data, whether it is stored locally on employee computers or being transferred. Companies can define what sensitive data means in the context of their own business; they can also choose predefined profiles for personally identifiable information (PII) and IP such as patents, blueprints, and source code. With contextual scanning and content inspection, DLP tools can search for sensitive data in hundreds of file types and log, report, and block its transfer.
Address sensitive data stored locally
Employees can forget to erase sensitive files from their records once they complete a task. They can also accidentally or intentionally gain access to sensitive data without the company’s knowledge. This can lead to problems, especially in the case of confidential information protected under customer or partner NDAs. To meet their legal obligations, manufacturers must have a way of ensuring that sensitive data is neither left exposed nor accessed by unauthorized parties.
Organizations can use DLP solutions to search all company computers for files containing sensitive information. When such files are found in unauthorized locations, manufacturers can take remediation actions and automatically delete or encrypt them directly from the DLP dashboard.
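The content inspection and local discovery described above can be sketched in a few lines; this is an added example, not Endpoint Protector's code or any vendor's rule set. The regexes, profile names, folder names and sample files are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Constructed profiles (assumptions for illustration, not a vendor rule set).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digit candidates
MARKING_RE = re.compile(r"\b(?:CONFIDENTIAL|PROPRIETARY)\b")

def luhn_ok(digits):
    # Luhn checksum: validating content weeds out regex false positives.
    total = 0
    for i, d in enumerate(map(int, reversed(digits))):
        total += (d * 2 - 9 if d > 4 else d * 2) if i % 2 else d
    return total % 10 == 0

def inspect(text):
    # Content inspection: return the names of the profiles the text matches.
    hits = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.add("pii_card_number")
    if MARKING_RE.search(text):
        hits.add("ip_marking")
    return hits

def discover(root, approved):  # a hit is a finding only outside approved folders
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or rel.parts[0] in approved:
            continue
        try:
            hits = inspect(path.read_text(encoding="utf-8", errors="ignore"))
        except OSError:
            continue  # unreadable file: skip it and keep scanning
        if hits:
            findings.append((rel.as_posix(), sorted(hits)))
    return findings

def demo():  # constructed sample tree: an approved vault and a Downloads folder
    samples = {"vault/contract.txt": "CONFIDENTIAL supplier pricing",
               "Downloads/notes.txt": "card 4111 1111 1111 1111 on file",
               "Downloads/serials.txt": "serial 1234 5678 9012 3456",
               "Downloads/design.txt": "PROPRIETARY gearbox tolerances"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return discover(root, approved={"vault"})
```

The 16-digit serial number in the sample matches the pattern but fails the checksum, so it is not reported, and the marked contract is not reported because it sits in the approved folder.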
Control removable devices
Employees regularly connect removable devices to work computers in order to complete tasks, share information, or take data with them when they work remotely or travel for business. While very useful, removable devices threaten data security as organizations cannot control how the data stored on them is secured or used. Due to their size, they are also easy to lose or steal.
Manufacturers can use DLP solutions such as Endpoint Protector by CoSoSys that come with device control features to address this risk. Through them, companies can block the use of USB and peripheral ports, as well as Bluetooth connections, or limit their use to approved devices. In this way, companies can monitor which employee has attempted to copy sensitive files onto removable devices and which device was used.
Granular policies can also allow for different permissions depending on the user, group, or department. Someone who works with sensitive data every day, for example, may be barred from using removable devices at all times, while someone who needs to share big files regularly may be allowed to use secure company-issued devices.
Next Steps
Manufacturers must be constantly vigilant. The risk of a data breach spans IP and sensitive contractual information. In many sectors, manufacturers will also need to adhere to data regulations set out by their customers and supply chain partners. To learn more about Endpoint Protector and how we’re helping manufacturers to meet their cybersecurity goals and data compliance requirements, book a demo with one of our Data Loss Prevention solution experts.