By: Karl Bickmore, CEO, Snap Tech IT
During the past several years, we have seen a shift in the IT practices of aerospace manufacturing subcontractors. As federal government agencies tighten information security policies and procedures for primary aerospace manufacturers like Northrop Grumman and ATK, these companies are working harder than ever to ensure their downstream subcontractors have solid information security practices in place. This means that even the smallest organizations serving the aerospace industry need to improve their cybersecurity as well as their auditing.
For many years, downstream aerospace manufacturing subcontractors could fly under the radar and be somewhat relaxed in their IT best practices and cybersecurity defense. This is quickly becoming a thing of the past. Organizations can no longer risk neglecting IT best practices and cyberdefense.
Here are the top five ways aerospace manufacturing subcontractors can improve their IT practices:
Upgrade authentication controls
Every aerospace organization, both large and small, needs to use dual-factor authentication for its email (Office 365, G Suite, or other) and for any kind of remote access.
Install threat detection
Unfortunately, many of today’s successful attacks aren’t the result of a virus or malware. The attacker simply tricks end users into sharing credentials, or guesses them because they are easy to guess. There really is nothing a firewall or antivirus can do to stop this type of hack. That is where threat detection comes in.
Think of firewalls and antivirus software like locks on the door. They keep many problems from entering the building. However, if someone breaks a window and enters the facility, an alarm system goes off. In the computer world, threat detection is that alarm system. The good news is this technology is more affordable and feasible than ever. We are big fans of how Perch Security addresses threat detection for smaller business environments.
Stop opening remote desktop to anyone on the Internet
For many years, Microsoft’s remote desktop (RDP) was the primary method of remote access. It was also common practice to open ports in firewalls, a practice called “port forwarding,” to allow remote control traffic into your network without any inspection. Recently, this has become the source of major attacks and successful takedowns. Going forward, no business should use open ports for RDP. Rather, all RDP access should sit behind a secure virtual private network (VPN) connection that uses dual-factor authentication.
Require end-user awareness training
Because aerospace manufacturing calls for a workforce with a variety of skill levels, organizations are at risk of having end users who are unaware of their role in protecting the organization. Knowledge gaps exist everywhere, even in professional offices, where staff rely primarily on their computers to perform their duties. These uninformed users are often the easiest targets for successful attacks. End-user IT security awareness training is critical, both to protect your organization and for industry compliance. The good news is there are a few good providers with set-ups that make it easy to do and administer.
Regularly review risk management and information security policies
In general, small organizations fall short with IT planning or IT security. In the aerospace industry, however, many companies are fairly diligent with their policies and procedures. Even so, they rarely have effective information security policies and regularly reviewed risk management. Because of the new compliance requirements, aerospace manufacturing companies must up their game. Bear in mind, this is not a minor task. Most organizations will need external consulting to help in developing these policies and in the risk assessment process.
To be frank, these are only a few of many recommended best practices. Adhering to at least these five tips will greatly reduce cybersecurity risk and may make the organization a good choice for new contracts. Our customers tell us that they win more business now that they can show their cybersecurity sophistication.
Stay vigilant and remember that everything can’t be done all at once. Get an action plan put together and work steadily to improve. You will see great results with consistent execution.