Manufacturing companies have increasingly become the target for cyber criminals. Just look at this week's story in the Milwaukee Journal-Sentinel: Manufacturers across the U.S. are being targeted because—in short—they are relatively easy targets. Though their businesses are built on highly profitable, big-ticket products, their websites are often weak, and website security is hardly ever a core focus of their marketing plans.
With more reports of major data breaches (e.g., hackers accessing trade secrets) each week, manufacturers shouldn’t wait any longer to upgrade more secure platforms, or implement safer practices within their company. As the Journal-Sentinel article explains, threats are coming via email, thumb drive, and variety of other criminal tactics. Hence, there's a strong need for manufacturers to take a holistic approach to their online marketing, marketing technology, and web security.
What Types of Attacks Are Most Common for Manufacturers?
While you’d expect a high-level data breach to be most common in stealing confidential information, even manufacturers are targeted through some of the oldest means in the book.
1. Business Email Compromise (BEC) Schemes
According to Trend Micro, there are three versions of BEC schemes, all of which involve the solicitation of money by either posing as a company exec or hacking an employee’s email account. Why are they so effective? Well, rather than being sent out as mass emails, BEC schemes are targeted at a specific employee. This prevents the emails from getting marketing as spam, increasing the likelihood of an open or click-through.
2. Spear Phishing
Spear phishing involves an authentic looking email being sent out to employees on a large scale. This mass email involves a cybercriminal posing as a member of the company, who needs verification of confidential information such as passwords. Once they receive the password(s), hackers typically prod certain accounts to gain access to private information and business practices—a major threat to manufacturers dependent on their private methods (e.g., trade secrets).
3. Installing Ransomware
Similar to the the two attacks above, it only takes a single click on an email link or attachment for ransomware to begin encrypting thousands of files on your computer or network storage. Often times, the only way to receive access to this data again is through paying the ransom—often only payable. Even if this ransom is paid immediately, there’s no guarantee all files will be restored, which can come at an even greater cost to manufacturers with key job routings, processes and other crucial information.
How Do You Avoid These Attacks?
1. Network Penetration Tests
This measure involves a security firm staging an attack on your network. It’s not uncommon for the targeted data to be obtained within hours, which opens the target company’s eyes to leaks in their network and website security platform. According to Sikich, a professional services firm, only 33 percent of manufacturers have annual penetration tests conducted on their network. With cyber criminals growing more sophisticated, it’s crucial for a security firm with expertise on the latest hacking measures to conduct at least one test per year.
2. Educate Employees From the Ground Up
On the other hand, since many hackers are currently using simple means (e.g., phishing) to target victims, all client-facing employees should be educated on how to identify fraudulent activity early. There are now a plethora of online tutorials on how to detect suspicious behavior, but the real training begins with buy-in from leadership. With the proper education from management, and a process for identifying attacks before they occur, employees will be prepared for common attacks.
3. Have a Backup Server in Place
While this necessity won’t prevent an attack in the first place, it can ease the repercussions of being hacked. For example, if a company employee falls victim to a BEC scheme where ransomware is installed, a backup server could allow you to recover files without having to pay the ransom. You can clear the infected devices, and restore files from the backup, ensuring some files aren't lost for good.
Secure Website Platforms are a Necessity
While the majority of attacks mentioned earlier occur through email, your website platform will also determine the security of personal as well as confidential lead and client information. These days, email and website converge in a number of marketing scenarios, so it's increasingly important to integrate security factors into your marketing technology decisions.
As mentioned in our recent article on SSL, the information provided by contacts through online forms is in jeopardy without the proper online security measures. Ensure that your marketing automation software provides SSL services to encrpyt all data sent between the web server and browser.
While many marketing automation software platforms, such as HubSpot have website integration techonology built into the product, there's lesss incentive to pursue these services if they don't offer website security measures such as SSL at little to no cost.
Prioritize Security by Opting for Premium Hosted Web Solutions
Where manufacturers of the past decade may have gotten by with simple websites on Wordpress or Joomla, the future of secure marketing is in premium hosted solutions—especially those services that manage your email, website, and contact database in one. Usually categorized as marketing automation platforms, some very important options include HubSpot, Pardot, and Marketo.
While a premium solution does cost more, the guarantee of security is also included, and for manufacturers especially, that's becoming a very important part of the puzzle. Gone are the days of getting your nephew to make your company a quick website. If you're serious about online marketing and overall security, your decision needs to take into consideration factors like SSL, secure email, and overall marketing automation security.