In a world of smart devices that collect and exchange customer information, and a climate of international cyber warfare, data protection is a real challenge for manufacturers.
Operating at the heart of Britain’s infrastructure while collecting valuable data about its citizens, UK manufacturers can be an attractive target for cyber criminals. According to the trade group EEF, 48% of them have already suffered a cyber attack since January.
With Brexit approaching, manufacturers are hungry for innovation to compete in a new global economic landscape, but the cyber threat must be addressed before this can happen. Manufacturers must find ways to safeguard their intellectual property and ensure that they have the right processes in place to manage the customer data they collect.
Customer information: Know the road ahead
In the post-GDPR landscape, businesses must now be completely transparent about their customer data and to take steps to protect it. An increasingly large number of manufacturers, particularly in the automotive sector, are collecting data from their products even after they have passed into the hands of customers.
This allows them to understand more about how the products are being used, where design flaws may exist, and how to improve the next model. A careful line needs to be trodden when handling this information, however. If any of this data can be linked to an individual, it becomes “personal information” and must be handled according to the rules laid out in the GDPR.
If a manufacturer is handling personal information, they need to declare what they have and why. They must be able to demonstrate that they have the customer’s ongoing permission to acquire their information before using it. A customer’s ‘right to be forgotten’ poses problems here. If the data being collected by a device is integral to how its services work, can a customer ‘opt out’ of data accumulation without rendering the service redundant?
For example, many modern cars transmit location data back to their parent company to safeguard the driver in case of a breakdown. While this service may benefit the consumer, the parent company must consider whether this constitutes personal information and must be handled accordingly.
Protecting your plans
Without doubt, one of the biggest challenges for manufacturers is defending their intellectual property. Attacks on businesses in Europe and the UK are on the increase and are becoming increasingly dangerous.
Last year, one in every eight cyber attacks across Europe targeted a business in the UK. According to research by Beaming, a telecommunications company, each British business with a broadband connection was subjected to over 230,000 cyber attacks each in 2017 – 633 attempts per day. Most of these were basic attacks on company firewalls attempting to access security cameras and building control systems. However, manufacturers should also be aware of the threat to one of their most valuable assets: design data.
Any manufacturing company would find it impossible to innovate without knowing that its ideas were secure.
For this reason, product design data and plans for production and release typically require a higher level of encryption than almost all other company information. This applies to everything from storing it safely to sharing it with business partners. Almost all manufacturers today will share data with partners at some level; whether that’s simply monitoring stocks of parts or collaborating on a major international aerospace project. Ensuring that none of this data falls into the wrong hands is a major undertaking.
Tuning up your controls
With the new challenges are coming new applications of technology. Digital Rights Management (DRM) is one area in which major strides have taken place, helping manufacturers to maintain control of their intellectual property.
In manufacturing, there is frequently a complex chain of information to be managed, with partners or customers signing agreements to use design data on a limited basis. In order to enforce this, it is now possible to restrict how many times a set of data may be used, for example allowing only a single 3D print of a particular component. There are even plans afoot to adopt blockchain in the DRM process.
Another development is an increase in automation. Humans have always been the weak link in cyber security plans so the more that they can be eliminated from the process, the better.
>See also: The era of increased data protection rules
The automation of data transfer between parties, for example, avoids the risk of human error and ensures that the right level of encryption will always be applied. By following the principle of “least privilege” systems can be set to deny access to anyone without specific authorisation, reducing the chances of accidental or deliberate loss to data.
The other key tenet of any data protection policy is to remember the basics and update your software regularly. This includes simple applications such as anti-virus, firewall and email systems, which are often the first target of cyber attacks, yet often neglected. You should also review your online network regularly. Any unusual activity needs to be flagged quickly and personal email access should be restricted where possible. This also applies to workplace file-sharing applications.
Keep your toolkit up to date
Data protection for manufacturers is not easy. Keeping data of immense value safe while sharing it widely, often across international borders, is no mean feat. With cyber attacks on the increase, a new data protection regulation can feel like just another burden on the IT team. The reality is that data protection is an issue for everyone, and the GDPR has stimulated an urgently needed discussion about cyber security and customer information.
For manufacturers, it’s a reminder to keep checking under the bonnet of the organisation to see that the right processes and technology are in place to fend off ever-more sophisticated hackers. With these in place, they can turn their attention to the important business of innovation.
Sourced by Martyn Davies, director, Rocket Software