John and Pete are back with Hayley and Kevin from MassMEP for another Cybersecurity podcast. This latest podcast is covering some of the hot topics of Synagex’s recent cybersecurity breakout sessions for manufacturers in MassMEP's extended network. In this post, we'll cover some of the main points discussed in the podcast, but if you have time to listen in—here's a link to the full show: massmep.org/podcast/ep-80-threat-actor/

For the third episode of MassMEP's Manufacturing Your Future Smart Manufacturing breakout room series, John and Pete of Synagex took the time to review the main points of their cybersecurity-focused sessions. As noted in the podcast, we used to talk about current happenings in the world of cybersecurity, but we are all quickly realizing that it doesn’t matter what is currently happening, this isn’t going away! In fact, it's becoming more personal—how many people have been affected by a cyber attack in some shape or form?

Cybersecurity, from a Risk Perspective.

The most key point from Synagex's cybersecurity breakout sessions was the concept of approaching cybersecurity from a risk perspective. We like to use our risk rainbow—it's a way to make this complicated problem more simple. We understand that small businesses typically don't want to spend a ton of time on cybersecurity investments, because it's not directly revenue generating, so by looking at the risk rainbow—and seeing risk in layers—we start weighing cybersecurity risks and begin to identify where investments can be made to best secure each individual organization.

A lot of it companies sell tools to address problems, but to us its more than that. We like to focus more on education, and educating the people within an organization—and even physical security. For example a small dentists office could have all of their most critical assets stored in an unlocked closet that everybody is putting their coats in…

these are challenges that you wouldn’t naturally associate with cybersecurity, but if you look at this issue as a risk issue, and identify what’s important to the environment, it makes it simpler to see what things you should be thinking about and investing in to improve overall cybersecurity—the biggest bang for our buck. These strategic conversations are the most critical!

Cybersecurity Myths, Debunked.

Another key point we covered in our cybersecurity breakout sessions were common cybersecurity myths—the number one myth being organizations believing they are too small. For a long time that was a popular opinion, and it's not true! Threat actors are going after the small organizations too. It's just as easy, if not easier to make money, rather than going after a multi million dollar company—and it adds up. Plus, small organizations don’t tend to look at their backup policies and end up held hostage because of that in order to get their critical data back.

You Cybersecurity Questions Answered.

Here's the most common questions we get about cybersecurity:

Q: What are the most common ways that hackers attack networks?

A: It’s phishing. The personal aspect/people part is your #1 security risk. This is why we recommend that organizations always train staff to protect against this risk!

Q: How can we train employees to be more security-aware?

A: Be paranoid! AI and new technology is making things worse, making it even harder to know when someone is actually trying to compromise your security. Until we find better ways to deal with this tech and risk, we're going to have to be paranoid about what we're doing and how we are responding to email.

Q: Do you think it's important for companies to implement some kind of standard onboarding process involving cybersecurity?

A: Yes. It's something that is required when you are trying to reach CMMC or NIST 800-171 regulations, but it also must be ongoing. It's important to keep it relevant, and we actually use a company that sends out videos including subjects that are funny and things that really stand out to make you realize you need to be more vigilant about everything. Things are always evolving—threat actors aren’t always even people that know how to hack, and AI is increasing this ability even more.

Q: Where do we see cybersecurity on a priority scale to manufacturers?

A: In manufacturing, there is so much that can be affected by the risk. We work across a lot of entities, and different businesses use tech in different ways. The critical information is different in every industry. Manufacturing is moving towards industry 4.0 and automation, an inevitably old machines are going to break down and need to be refreshed or upgraded to those with more technology in them. Introducing more technology always introduces more risk, so the investment in cybersecurity needs increase with it. Our general feeling is that folks aren’t thinking about it enough!

Operational Technology (OT) is becoming much or integrated with IT, and the rate of increase of hacks and threats towards OT is just skyrocketing. The systems were not always connected to the internet, but now they are, and the known vulnerabilities in these devices and in IoT technology is just going up—typically in a year, you can identify 1000 - 1500 vulnerabilities in OT and this year, it has doubled. It's going up every single day.

Q: What is the largest sector of businesses that we work with?

The largest industry by volume that the team at Synagex works with is in manufacturing and DoD contracting. However, our largest clients are not necessarily in this sector. For example, we just started working with a concrete company with hundreds of employees, which is a great example of an organization that does have the same sort of risk tolerance that a DoD contractor might have—they might be ok with a little bit of cyber risk.

Manufacturing is where we feel most comfortable. We’re former bankers and in banking the cybersecurity perspective has been there for decades—if your bank account was hacked and cash was extracted, that was something that was intolerable decades ago. We came out of this industry and were a little surprised when other folks weren’t as invested in cybersecurity. Of course covid brought about higher adoption of technology, and a primetime for threat actors to go after this risk.

A Cybersecurity Tip to End On.

Consider your password protection! We highly recommend not using the built-in password managers on your web browsers. Instead, try Dashlane, Lastpass, Dropbox, etc. Using these tools is a much more powerful way to deal with password management, and definitely more effective than writing them down, saving them in a document on your computer, or again, clicking yes to save them in your browser!

Be sure to tune in to hear the whole episode, including some fun game-show talk at the beginning. Are the Cybersecurity Whisperers planning to be next up on Family Feud? Find out here!

Synagex CEO and CISO, John Sinopoli and Peter Morin, were invited to present as guest speakers—and cybersecurity experts—at MassMEP's recent Manufacturing Your Future Smart Manufacturing event at Polar Park in Worcester, MA. The event served as an opportunity to Massachusetts manufacturers to network, learn, and explore growth opportunities (more info at massmep.org/manufacturing-i40).

If you weren't able to make it, we have a recording of the entire session! Watch as John and Pete review why cybersecurity matters for manufacturers as they cover cybersecurity from a "Risk Rainbow" perspective—and make sure to watch until the end to see Pete simulate a real example of how easy it is for hackers to obtain critical information like passwords.

Tech Tip Takeaway:

Things May Not Be as Secure as They Seem

If you didn't watch til the end, we want to give this little takeaway: we recommend to NOT store your passwords in your browser. Pete explains in the video just how easy it is for any computer-savvy person to scrape the passwords stored in a browser... Did we mention this is all easily searchable on the internet?

Don’t freak out! This example is IF the malicious user has enticed you to click on a link that compromises your device…We like to secure in layers, so we opt for standalone password managers that can’t get hacked as easily as Pete demonstrates here.

Ever wonder what it's like to work at Synagex? We like to work hard, but we don't skimp on having FUN. Here at Synagex, it's really about the teamwork, and we have a set of core values that we embrace to offer the best IT management service possible—check them out!

CORE VALUE #1: SEND IT 🏆

"Send it" means being passionate about the work that you do. We like to think we are ferocious in attacking our goals—we work hard and we're proud of what we do. We care deeply about winning our customers by being friendly, fun and providing the most excellent customer service. And most of all... we get sh!t done!

CORE VALUE #2: BE THE TANK 🙌

To us, "Be the tank" means having each other's backs. We truly believe in working as a team to achieve our common goal, and to do this we must be excellent to each other and protect our team as we achieve greatness—together.

CORE VALUE #3: TEAR IT UP 🔥

At Synagex, we "tear it up"! We like to celebrate our victories—big or small. Our team works hard every day so nothing goes unnoticed... it's time to pop bottles and recognize hitting those goals! It's all about having fun with what you do.

Our team even made a video to explain these core values... enjoy!

SEND IT. BE THE TANK. TEAR IT UP. These goals drive our mission at Synagex—to provide the best IT possible through people, process and tools. Our people are truly at the core of this mission, working every day to administer IT excellence to our customers!