Didion: See How One brass foundry reclaimed $321,867 in three months.

Cyber Security: Are You Safe?

Eric Aparnieks
Click here to see this story as it appears in the July 2017 issue of Modern Casting

A few years ago, the phrase “cyber security” was not in our vocabulary. Now criminals are bombarding homes and businesses with cyber attacks daily. The words malware, ransomware, phishing and botnet have unfortunately become commonplace in our vernacular.

From reports of the hacking of the 2016 Presidential election to the more recent WannaCry ransomware attack which affected thousands of computers worldwide, malicious software attacks generated in various parts of the world happen so quickly that often individuals and companies are not prepared and are vulnerable. WannaCry exploited vulnerabilities in Microsoft’s Windows 7 operating systems.

Ransomware is simply defined as a type of malicious software that is designed to block access to your computer system until a sum of money is paid—essentially a “ransom.” It typically invades your computer through a trojan virus, or malware that looks like a legitimate file. Once in, it locks your computer until you pay a ransom.

Manufacturing and casting companies are just as vulnerable as every other industry today. Attacks are motivated by various factors. This could include financial, with attempts to steal banking or credit card information or more often the case, potentially valuable intellectual property or other sensitive information critical to the heart of the company. This could include confidential part drawings, specifications, email archives, and alike.

According to a recent report generated from IBM X-Force Threat Intelligence Index 2017, the manufacturing industry rose to third place behind financial services and information and communication as the top targeted industries experiencing the highest number of incidents and reported records breached. The overall industry is a tempting target, as many systems within the sector are perceived to be weak by design because of a failure to be held to compliance standards.

The metalcasting industry is not immune to these ongoing attacks on its IT systems.

For example, a Midwester metalcasting company was recently attacked when a supposed customer email was received requesting payment on a past-due account. The email appeared entirely authentic and made it almost all the way through the system until one employee in accounting asked a simple question as to its authenticity. At that point they realized—in time—it was a ransomware attack.

Many metalcasters have put into place robust policies to inform their employees of potential threats that affect internal systems and networks outside the confines of the company. For instance, a sand and investment casting company in New York has instituted frequent password changes in its email system due to recent problems caused by malicious ransomware.

Preparations & Preventions-Internal
Metalcasters can protect their internal systems with a variety of simple steps to prevent the “bad guy” from malicious activity.

1. Keep your operating system up to date. So often it is tempting to ignore the periodic updates required for Windows operating systems, especially with the Windows 10 system updates, which can take time and effort. However, it is important that these updates be maintained. Among other things, they fix security holes in your system and provide the latest protection.

2. Install and update your antivirus software. This software is designed to prevent malicious software from embedding into your computer. Viruses can infect your computer without your knowledge. If your antivirus detects malicious code or a worm, it works to disarm or remove it. Antivirus software can be set up to update automatically.

3. Install or update antispyware software. Spyware is exactly what it sounds like. This is software that is installed on your computer without your knowledge and allows the hacker to peer into your activities. This could take the form of pop-up ads on your web browser that collect information on you without your consent.

4. Make sure your firewall is turned on. The firewall helps to protect your computer from hackers who may want to gain access to crash your system, delete information for your systems and steal passwords or other sensitive information.

5. Use caution on downloads. Too often, users download email attachments which can circumvent the best antivirus software. Never open an email attachment from someone you do not know. Sometimes this a good avenue for malicious software.

6. Be careful picking up zip drives from trade shows. Many companies still use these portable drives as giveaways at trade shows for company and product information. These have become commonplace in today’s world. It is also a good way for malicious software to enter your systems without you knowing it. Just be vigilant.   

External Prevention and Protection
When traveling, you also need to be aware you are potentially vulnerable to malicious attacks. These attacks can take place in your automobile, your hotel or even a restaurant. The following are some simple steps to take to avoid these attacks from disabling the system and stealing valuable data: 

Using a rental car: Personal data and information may be at risk. According to the Federal Trade Commission, data is vulnerable through as something as simple as connecting to the car’s infotainment system that works with a driver’s personal devices so they can navigate, stream music, or use hands-free calling and texting. The FTC suggests avoiding connecting phones or devices to an infotainment system and deleting all personal data from the infotainment system before returning the vehicle. Not deleting this data before returning the car puts you at risk of sharing it with future renters, rental car employees, or cybercriminals. This is especially important when traveling overseas.

Hotel risks: Hotels are increasingly becoming targets for cyberattacks. One can avoid risks at hotels by choosing not to use public-use terminals, instead using a virtual private network (VPN), to connect to the internet. You really do not know whether the hotel is using an up-to-date firewall. Keep your devices in hand always. How often have you seen people leave either their smart phones or laptops unattended? It is easy for a cybercriminal to walk by and quickly steal your device before you even know it. Limit your use of credit cards at some ATMs gift shops or hotel restaurants. Many malware attacks target gift shops and restaurant point-of-sales systems because they are older systems or on the periphery of network security. According to cyber security software company Trend Micro, over the past three years more than 10 different hotel properties have reported a breach of their systems by malicious software. This includes Hilton, Hyatt, and Starwood.     

Brave New World
A recent Forrester Research survey suggested more than three-quarters of all employees who use smartphones at work and 63% who use tablets access their company intranet or various portal sites using their mobile devices. Nearly 82% of various recipients survived by Forrester reported they use their smartphones to read or view documents, presentations, and spreadsheets for work.

The increased use of these various mobile devices is typically not associated with any security policies or tools to manage them effectively. To ward off the daily and consistent malicious attacks on your system, the casting industry at large will need to be vigilant. It pays to be knowledgeable in this critical area.            

Call for Papers - 2018 Keith Millis Symposium
x