A little behind in you’re security measures? You’re not alone. Even the U.S. Government is behind.
Last November, the U.S. congressional Subcommittee on Government Efficiency, Financial Management and Intergovernment Relations flunked 16 federal agencies for not meeting basic security requirements. Evaluation standards were set by the Office of Management and Budget. Among these agencies that failed were the Departments of Defense, Transportation, Energy, Treasury and the Interior.
The department that received the highest evaluation, a “B+,” was the National Science Foundation. One could conclude from this list that only “techies” see the need for security.
And that’s a shame. Governments, businesses, managers and employees — we’ve all approached security a bit too blithely. We pay for it all the time. Every time there’s a new virus or worm, it costs us. Sometimes the cost is money, when you have to replace wrecked computers. Sometimes the cost is downtime, when employees must wait for systems to be debugged and set right. But, apparently, these costs have not been enough to make people take preventive action.
Recent events haven’t been enough either. Despite what we’ve experienced in the last several months, few of us treat the security of our controls, systems and data with sufficient seriousness. Too many people still do not consider what they do in material handling crucial enough to warrant security precautions. That’s too bad. Because that means it will take a huge logistics disaster to get material handlers’ attention.
One of the unrecognized potential pitfalls involves supply chains. Individual material handling data may have little importance to a hacker. They will have more importance to an insider intent on harming a company. However, the main vulnerability in the world of material handling is access. All it takes is a hacker or insider to gain access to one control. Then they can send a damaging virus or worm to anyone in the supply chain, and shut down the entire chain.
Security measures are about risk management. Every manager needs to ask just how much is he or she willing to risk? Your answer will tell you what you need to do.
However, experts recommend that at minimum, everyone in the chain should have firewalls and strict access control. Access should apply to the building that houses material handling controls and systems too. Proper passwords, which means they’re encrypted, should also be used.
This issue is not just the problem of your company’s Information Technology department. The weakest link in any company is usually the employees using the system. Their passwords are too easy. They don’t change them often enough. Or they keep them written down and easily accessible.
We have the tools to prevent costly downtime. We all know it’s a serious issue. We’re just not paranoid enough to use them.
The government has finally wised up and developed some healthy paranoia; enough to create a position for a “cybersecurity czar.” Let a little bit of healthy paranoia guide you and your business partners.
Leslie Langnau, senior technical editor, [email protected]