2/23/2023
BY: JEFF WILLIAMS
When it comes to our cell phones, most of us can’t leave home without them. We protect our phones and act as if our whole lives are on the device. So why aren’t we doing all we can to protect our business? In the age of technology and automation, it is essential to have a comprehensive understanding of how to protect your business information systems and ensure there are effective processes in place.
ASSESS YOUR RISK
Approximately 4,000 cyberattacks are reported from small businesses each day. This means that your business is vulnerable, and it could happen to anyone who isn’t prepared and protected. It is important to learn business security practices to avoid potential risks of cyberattacks, like ransomware hacks or data breaches.
To start, take a look at the information systems operating environment. It represents the physical environment in which information systems are employed. This could be physical systems, software or services that process, store and/or transmit information. In order to improve, you must be aware of your current environment and what could potentially be at risk.
Another aspect to review when assessing your risk is current processes and procedures, also known as controls. These controls can be documented or undocumented. It is important for all controls to be documented so you can review them for effectiveness and revision (if necessary).
ANALYZE YOUR RISK
After you have assessed any potential risks, performing a risk analysis will help you to identify gaps in the current state. The analysis will highlight any likelihood of risks and the potential impact they could have on your organization and should include:
-
Review of what impact the risk would have on your business.
-
Review of what assets are involved and the likelihood it could be used to put you at risk.
-
Review of what you have already done to help mitigate this risk.
It is important to remember that risks are not limited to those from outside your business. Over 90% of risks come from inside the company, and most are unintentional in nature.
MITIGATE YOUR RISK
A risk analysis will help you prioritize where to begin mitigating risk and help you focus on areas that need further protections. Some simple steps to begin reducing the risk of a cyberattack include:
-
Reducing exposure by limiting how or where it can be impacted.
-
Making sure all information can be recovered in case of an issue.
-
Validating the latest manufacturer updates have been applied, including software patches.
-
Understanding that risk exposure can not be completely removed, and instead focus on how to lower the risk.
-
Developing a recovery/response program in case the risk is realized.
THE CENTER CAN HELP PROTECT YOUR BUSINESS
Michigan Manufacturing Technology Center (The Center) has created an assessment that will take you through the entire process. This assessment is designed to help businesses understand the importance of business security and what they can do to stay protected. Get started with a risk assessment today by
contacting our experts. To learn more about business security,
register for an upcoming course.
MEET OUR EXPERT: Jeff Williams, Program Manager, Cybersecurity

Jeff Williams leads The Center's efforts to educate and equip small and medium-sized manufacturers to guard against the growing threat of cyber-attacks. One of his main areas of focus relates to the cybersecurity requirements outlined in NIST Special Publication 800-171, designed to protect the information security systems of contractors working with the Department of Defense. In addition to serving Michigan’s manufacturing community, Jeff also is involved with training other Manufacturing Extension Partnership (MEP) centers across the U.S. This effort will enable those centers to provide cybersecurity services to manufacturers in their states.
Since 1991, the Michigan Manufacturing Technology Center has assisted Michigan’s small and medium-sized businesses to successfully compete and grow. Through personalized services designed to meet the needs of clients, we develop more effective business leaders, drive product and process innovation, promote company-wide operational excellence and foster creative strategies for business growth and greater profitability. Find us at www.the-center.org.
Categories: cybersecurity,
Industry 4.0