Most plant operations managers are not cybersecurity experts, but they can benefit from a basic understanding of cybersecurity risks and mitigation activities. A NIST guidance document, NIST Small Business Information Security: The Fundamentals, provides a thorough and easily readable overview of cybersecurity basics.
As a first step, organizations need to understand their cybersecurity risks, to determine where the organization is vulnerable and may be subject to disruption of systems and processes. Organizations can use helpful checklists from the NIST document, or other cybersecurity assessment tools, to conduct the following activities:
Once risks are understood, organizations can determine appropriate mitigation activities. Example activities are shown below, grouped into the five broad categories of the NIST Cybersecurity Framework:
IDENTIFY
- Identify and control who has access to your business information
- Conduct background checks
- Require individual user accounts for each employee
- Create policies and procedures for information security
PROTECT
- Limit employee access to data and information
- Install surge protectors and uninterruptible power supplies (UPS)
- Patch your operating systems and applications
- Install and activate software and hardware firewalls on all your business networks
- Secure your wireless access point and networks
- Set up web and email filters
- Use encryption for sensitive business information
- Dispose of old computers and media safely
- Train your employees
DETECT
- Install and update anti-virus, -spyware, and other -malware programs
- Maintain and monitor logs
RESPOND
- Develop a plan for disasters and information security incidents
RECOVER
- Make full backups of important business data/information
- Make incremental backups of important business data/information
- Consider cyber insurance
- Make improvements to processes/procedures/technologies