Picture the scene: You arrive at your small Mohawk Valley manufacturing company one morning and try to log onto your computer, only to discover you’re locked out. All your files—confidential personnel information, financial records, intellectual property and more—are under the control of another party. You can’t even communicate with the millions of dollars’ worth of advanced equipment on your shop floor.
Your entire business is being held for tens or even hundreds of thousands of dollars in ransom. And even if you pay this money, there are no guarantees you’ll regain access.
You might not think this could happen to you, but the fact is that small-to-midsized manufacturers are among the top three targets of cybersecurity attacks in the United States. (Financial services and healthcare are the other two.) When hackers choose to attack a small or midsized manufacturer, their selection is typically made not on the basis of a company’s revenue but because of the limited barriers against cyberattacks.
It shouldn’t be this easy for hackers – and it doesn’t have to be. The New York State Manufacturing Extension Partnership (MEP) can help, with the Advanced Institute for Manufacturing (AIM) at Mohawk Valley Community College taking the lead role.
As a small or midsized manufacturer, cybersecurity should be one of your top priorities. Not only can a cyberattack compromise sensitive information, but it can cost you hundreds of thousands of dollars in lost production time and damage your reputation. If you want to make parts or products for the U.S. Department of Defense or a defense contractor, compliance with NIST 800-171 cybersecurity guidelines may be required.
According to recent estimates, however, about half of New York State’s 15,000 manufacturers lack the general cybersecurity awareness, policies, procedures, technology and employee training programs they need.
Over the past nine years, AIM has helped about 400 manufacturers in all 10 regions of the state to become NIST 800-171 compliant. AIIM has a Cybersecurity Maturity Model Certification (CMMC) registered practitioner on staff and can also connect you with third party resources—contractors, college and university professors, and others—in your region. These experts have the knowledge, skills, experience and credentials to help you become cyber secure and compliant.
Strengthening your company’s cybersecurity profile starts with awareness. AIM, in conjunction with our NYMEP partners, holds events and workshops in every region of the state, typically welcoming between 40 to 100 people at each. Attendees discover the robust cybersecurity resources available through NY MEP as well as the third-party contractors and educational institutions in their region.
The next step is an on-site risk assessment. Our CMMC-registered expert will visit your facility and spend a day evaluating your systems and policies to identify areas of vulnerability and non-compliance. Next, the AIM team will work with you to develop a plan that’s tailored to your specific needs. Often, this includes creating policies and procedures, developing and implementing employee training programs, installing equipment, and more. If you need assistance with financing the project, we may be able to connect you with a funding partner.
With cybersecurity threats to small and medium-sized manufacturers on the rise, it’s critical to be proactive and take steps to secure your business now. Don’t wait until after an attack because then it will be too late.
To get started, attend one of our events, connect with us through your local NYMEP center, or visit our website.
About the Author
Cory Albrecht is Director of the Advanced Institute for Manufacturing (AIM) at Mohawk Valley Community College, a position he has held since 2007. He works with over 700 small- to mid-sized manufacturers in the Mohawk Valley with the goal of helping them increase their competitiveness and grow their businesses, while helping manufacturers statewide protect against cyber-attacks.