Rajeev Soota, VP, Information Technology, USHA International
Rajeev Soota, VP, Information Technology, USHA International, in an exclusive interview with CIOtechOutlook, shares his views on how manufacturing startups can effectively secure communication with third-party vendors, steps to address potential vulnerabilities, how startups can prepare for ransomware attacks, and more. He has over 18 years of experience in implementing, monitoring, supporting and stabilizing various SAP modules. Following are the key insights:
The security of any infrastructure tool or network is crucial for all types of companies, be it manufacturing, trading, or even small retail. Balance the daily manufacturing activities or business transactions and ensure the security of the entire network, the applications, and the data that exist. At the same time, certain things can be controlled so that there should not be any challenges in cybersecurity. To exemplify, if it is a manufacturing startup, companies can start very small with core components like a strong password policy, which is the core of any startup. Besides a strong password policy, whatever software companies leverage, they should regularly update the software with their latest patches or updates released by the software provider. To access the application or the software over a network, firms should install a firewall, helping any manufacturing startup ensure their entire structure is secured. They can even have an awareness program for their employees or their partners.
For instance, by training the team to recognize phishing emails and avoid unnecessary links, the organization can ensure that its network is secured and that no malware attack can occur. Slowly and gradually, the firm can plan for growth so that its infrastructure gets scalable to a higher level. Subsequently, they should install or have some more security tools. With these steps, manufacturing startups can focus on their growth, and their operations remain secure.
Network security is the need of the hour. When startups tend to grow, the challenges will increase, so scaling network security for any growth is crucial mainly to avoid any vulnerabilities in their critical transactions. There are certain things startups can manage very effectively to ensure scalability. They should build security within their system and processes and adopt scalable security solutions. Besides, firms should have the practice of regular risk assessment or the Vulnerability Assessment and Penetration Testing (VAPT), which has to be performed twice a year. VAPT will notify if there is any vulnerability existing in their system. More importantly, whatever network firms are using, they should segment that network and divide it into smaller and more secure sections so that if any threat happens, that should not disturb their entire network. Hence, a business continuity plan needs to be put in place.
Training the team is a continuous process; security training should also increase and be more effective as the team grows. Besides, there should be an incident response plan with many policies in the system, such as an IT security policy, strong password policy, backup policy, business continuity plan, and DLP. These are essential for all sorts of manufacturing startups and must be monitored. Firms can even hire experts to help them ensure they are working in a secure environment. Hence, if firms embed security into the foundation and treat security as their ongoing priority, then any startup can ensure that they will not get compromised by security threats as and when they scale.
Securing the data or communicating with third-party vendors and suppliers is essential for any manufacturing startup. Manufacturing startups mostly rely on third-party vendors for their raw material requirements, or specific job work needs to be done through their third-party suppliers. So, to ensure that all these things are automated, there needs to be a more secure environment with the manufacturing setup and the vendor's or suppliers' setup. Startups need to evaluate the security practices being adopted by their vendors, and they should ensure that they meet their security standards or whatever best standard practices are there that they should follow. Whenever startups do any business with a third-party vendor, they should have an explicit agreement in place, which includes a clause related to cybersecurity requirements in the contract, such as data protection, incident reporting, and compliance with the regulations. All these are very critical for any business. Hence, firms should have an explicit agreement clause that both parties duly sign.
Besides, they should use a secure encrypted channel whenever they communicate or transfer sensitive data or information. Many encrypted communication tools are available so that they can share files or data securely. Whatever email application they are using should be very secure, and there should not be any phishing or vulnerability exposure to that. Logs should be enabled for whatever data is being exchanged. Data should not be changed or modified during transfer, transit, or rest. So wherever data is residing, at the manufacturing database or the third-party vendor database, it should be secured in every manner, and they should also audit their vendors, whether the security practices are being followed or not, or whether the tools are in place or not, and even whether their employees are trained or not. These things will ensure that whatever transactions or business they do with their third party are secure. It will give them confidence, and also they can plan for the incident. Startups can collaborate with their vendors for a shared incident response plan policy.
When an incident occurs, both parties should be informed, and they can collectively take corrective action. So, by prioritizing collaboration, any manufacturing startup can secure communication and data with third-party vendors, which will help reduce the risk of supply chain-related threats.
Manufacturing startups can effectively prepare for ransomware attacks. Firms can protect their sensitive data even with limited resources by adopting a limited approach to cybersecurity. For instance, startups should start with the basics, using strong password policies and keeping their systems updated regularly with all the patches, updates and security bugs released by their service providers. The other critical thing is that they should have a backup policy, which should be implemented regularly. Startups should maintain frequent backups of all essential data and their systems. Moreover, the backup should be stored offline or in a secure cloud environment so that as and when any incidents occur, they should have the latest backup available to them, which can be restored, and the business can continue to perform. If startups isolate the protection system or any sensitive data, network segmentation will help to reduce the spread of ransomware within their network. Besides, it is crucial to leverage any antivirus solution with endpoint detection and response so that corrective actions can be taken if any threat happens.
More importantly, email is an effective way of communication within and outside the company. Hence, startups should have many security tools available that they can deploy so that if any email comes with an attachment, it should be scanned for potential malware. This will prevent ransomware from entering their system through phishing emails.