CYBER SECURITY MARCH 2019
Information governance -
manufacturer risks
External risks
Internal risks
Poor security culture
Poor access control
to data and services
Low cyber maturity
Cyber crime
Data protection
legislation
The supply
chain itself
Lack of internal
cyber expertise
Unknown technical
vulnerabilities
Data defence techniques
Here are some key ways you can prevent
yourself from being exposed to a data breach
in the manufacturing supply chain:
● Only share personal data with a service
provider (such as payroll information) if there are
adequate agreements in place that protect you
from data protection legislation.
● Ensure any intellectual property rights shared
with suppliers are suffi ciently protected.
● Only allow suppliers access to your IT
environment when you’ve restricted their
scope, set controls and checked you can
monitor their activities.
● Assess all third-party risks to identify any
possible weaknesses – ensure all third-parties
follow your data protection protocols.
● If elements of your supply chain are subcontracted,
ensure you have full visibility of the
sub-contractors’ data handling protocols.
● Track the data your suppliers hold on your
business and how this is managed.
will decrease processing flaws,
increase production quality,
improve efficiency, optimise
supply chains and lead to
better machine maintenance.
Embedding a culture of
best practice
The importance of full
compliance with legal data
protection requirements and
preventing the risk of cyberattacks
can’t be exaggerated.
Once you have processes
and procedures to deal with
these issues, practice them
frequently. It’s vital that you
don’t wait for a real event to
test your systems. Be prepared.
Embed the systems into
your company culture and,
compliance with GDPR and
high standards of cyber
security, will become second
nature, meaning you are fit for
to cyber-attacks. These vulnerabilities had
existed for some time, yet the company had
been oblivious to them.
As a priority, we developed an action plan to
help the company mitigate the identifi ed risks of
any cyber-attack or data breach.
2 Navigating the maze of legislation
A manufacturer was confused about the
specific requirements for GDPR compliance.
They had previously received conflicting advice
and wanted to know their current state of
compliance and how this could be improved.
Aristi conducted a readiness assessment
to provide a transparent view of their current
state of compliance and outlined the route to
full compliance.
It also provided full GDPR training to all
of its staff, developed processes and
procedures and documented these to fully
meet GDPR compliance.
To ensure compliance is maintained, Aristi
acts as a Virtual Data Protection Officer, which
includes regular audits to assure the business’
senior management complies.
world-class competition.
The key to compliance
is using specialist expertise
to empower you to achieve
your vision, profitably based
on all parties sharing a
deep understanding of your
company’s culture.
Case study examples
1 Lulled into a false
sense of security
A large manufacturing
business had been using a
supplier for a number of years
to test their IT infrastructure.
These tests aimed to identify
and resolve any technical
vulnerabilities and always
returned minimal issues.
Last year, the company
switched to Aristi. This test
highlighted a number of
critical vulnerabilities which
were exposing the company
28 www.manufacturingmanagement.co.uk
Bits and Splits/stock.adobe.com
sdecoret /stock.adobe.com
/www.manufacturingmanagement.co.uk
/stock.adobe.com
/stock.adobe.com