5 ways metals companies can prepare for cyberattacks

Michael J. Del Giudice
| 10/4/2022
5 ways metals companies can prepare for cyberattacks

In the recent annual technology in metals survey results, cybersecurity was once again the single most significant IT-related worry for metals executives – and for a good reason.

Ransomware, phishing attacks, and data theft continue to hurt manufacturing and distribution sectors – including the metals industry. One successful attack can shut down operations, affect communications, and expose sensitive customer data – or proprietary content.

It’s no wonder metals companies are investing in cloud-based solutions like enterprise resource planning (ERP) systems to help them get ahead in their marketplace while also protecting their interests. They are stepping away from antiquated systems that can’t be updated and could expose them to real cyberthreats.

Insights in your inbox
Discover cutting-edge strategies to grow and improve your metals business. Stay on top of the latest Metals 4.0 insights by subscribing to our blog.

Instead, they are putting their faith in hosted technology solutions with support to monitor for threats. These systems are backed by expertise from a team of cybersecurity specialists – a resource that’s in short supply these days.

Are people the weak link of your cybersecurity strategy?

While built-in security support might be comforting, it can provide a false sense of security for metals companies. That’s because so much depends on the people using the technology. One poor decision or innocent human error can expose a company to a painful and costly cyberattack.

The bottom line is that employees must serve as the first line of defense.

Here are five ways metals companies can maximize technology and bring people to the center of their cybersecurity strategy:

1. Educate and empower employees

Employees should be brought to the center of the cybersecurity strategy with regular training to help them to understand their role. Educating them can help protect the metals company while keeping them up-to-date about the latest cybersecurity risks and trends. Companies can keep the threat relevant by offering examples specific to employees’ roles or departments.

Once companies educate employees about their roles and existing cyberthreats, it is essential that they develop a playbook of best practices for keeping the company secure. One of the best ways to do this is to keep the playbook relevant to individuals and help them see how best practices can apply to everyday life, like keeping their personal information safe. Finally, companies should make training bite-sized, easy to consume, and regularly updated.

2. Enhance the user experience with secure applications and tools

The recent technology in metals report highlighted technology's importance in providing a positive user experience to recruit and retain top talent. Not only is this a great strategy for getting the best people, but it also can help defend the company simultaneously.

Companies should look for smarter utilization of cloud resources and business applications that provide intuitive and efficient user tools like those offered by Microsoft Dynamics 365™. In addition, they should look for tools supported in a secure cloud instead of on-premises solutions where data can be exposed to internal vulnerabilities and cyberthreats.

3. Protect employees by securing the endpoint

Educating people and using cloud-based tools are great steps to securing a metals company, but introducing new technology also means introducing new entry points. For example, if a company has an increasing number of terminals, servers, laptops, and mobile devices, the chance that it could become a target for cyberattacks also increases.

Advanced endpoint protection solutions can help protect metals companies and remove some of the burdens on employees. These types of solutions provide advanced threat hunting and look for – and potentially block – any activity that might be suspicious. They also can isolate a compromised device to stop a cyberattack from spreading further.

4. Empower people with the proper permissions

Cloud-based ERP solutions offer employees opportunities to increase their productivity while improving their user experience. But this can become a problem without processes and frameworks for permissions to access the systems.

The good news is that many cloud-based solutions allow for the creation of specific security controls around user needs. Still, creating a process to determine needs and permissions takes intentionality. Once this is established, however, companies can have greater control over and confidence in who gets to access critical data and systems.

5. Create an extra step of protection with multifactor authentication

Many login credentials use multifactor authentication, requiring users to authenticate who they say they are by responding to an email or text when they try to log into a site. Receiving text messages or emails to support authentication is now commonplace.

Investing in multifactor authentication is just another way to protect against end-user mistakes. Furthermore, it’s becoming increasingly costly not to have this additional layer of security as more and more insurers require this kind of protection or increase premiums without it.

Technology + people = secure confidence

Modern technology offers many benefits to growing metals companies that want to get an edge in their market. It can be reassuring to know that cloud-based solutions are backed by updated technology that monitors cyberthreats.

But because cybersecurity depends on the people who use the technology, companies must bring them to the center of their defense strategy.

Let us help you bring technology and people together to protect your metals company

Crowe is an accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation. With decades of experience in the metals industry and the development of metals-specific technologies like Crowe Metals Accelerator, we can help you grow your metals company.

Let us help you bring people to the center of your metals business’s digital transformation – and your cybersecurity strategy.

See metals leaders’ responses to how cybersecurity affects their technology investments by downloading our 2022 technology in metals survey results.

Microsoft and Dynamics 365 are trademarks of the Microsoft group of companies.

Contact us

Michael Del Guidice
Michael J. Del Giudice
Principal, Consulting