In today's interconnected world where businesses increasingly rely on data and networks, a single sophisticated cyberattack on a business can inflict as much harm as a natural disaster.

And while several large companies have been caught in the headlines over the past couple of years due to high-profile cyberattacks, smaller manufacturers often underestimate the threat, feeling that they’re small enough to fly under the radar.

However, small businesses are actually victimized more than any other business size category, according to the Association of Certified Fraud Examiners. While small businesses are certainly susceptible to a wide array of threats, there are three that stand out as particularly important for manufacturers: masquerading, intellectual property theft, and cybersecurity breaches.

Masquerading is a payments scheme in which a fraudster impersonates a company executive or outside vendor and requests a wire transfer through a phone call or email to a company controller, or someone else with authority to wire funds. The controller will usually tell the business’s bank to wire the funds because the email or phone call seems legitimate.

The FBI recently estimated that wire fraud and masquerading losses among U.S. companies totaled nearly $750 million between October 2013 and August 2015. Here are four simple steps to help manufacturers thwart masquerading attempts:

1. Develop an approval process for large transactions. Require approval
from two or more executives for large wire transfers to protect against
threats of internal and external fraud.
2. Use a purchase order model for wire transfers. Many companies
require a purchase order to spend money. Apply this model to match all
wire transfers to a purchase order reference number, which provides
another layer of control by requiring an approval for wire transfers and a
verification of that approval.
3. Confirm and reconfirm. Use multiple means of communication to verify
wire transfers are legitimate. If the initial request comes in email, then call
the person to get a verbal confirmation and vice versa.
4. Stay in touch with your bank. If a transaction seems suspicious at any
point in the process—even after a wire has been sent—contact your
financial institution immediately.

Intellectual property is vital to manufacturers. Product blueprints and trade secrets are essentially the “keys to the kingdom.” With them, practically anyone can replicate a product.

There are easy steps to help protect intellectual property:
1. Definitions. Define what constitutes the business’s intellectual property.
Is it a product, a process, R&D, source code, or a logo design?
2. Storage. Identify all the places this intellectual property is stored or
located. Is information related to the company’s trade secrets in printed
blueprints, on a server, locked in a vault, programmed into equipment on
the manufacturing floor, or in an email?
3. People. Maintain an up-to-date list of who knows about company trade
secrets, both inside and outside the company. Are they under
nondisclosure agreements and other terms that protect the business?
4. Access. Give employees, vendors, and others the least amount of access
possible to do their jobs. The more people who have access, the greater
the risk.

As manufacturing has become increasingly automated, digital assets such as websites and email have become vulnerable to a range of cyberattacks. To help protect against email and website attacks:
1. Install anti-virus protection on every computer and device on the
company’s network.
2. Educate employees to recognize, avoid, and report suspicious emails
containing attachments or hyperlinks, the telltale signs of phishing, in
which hackers use electronic communications to steal sensitive
3. Be discerning with privilege. Employees and outside vendors using a
company’s network should have access to only those applications that their
jobs require.
4. Enforce two-factor authentication for administrative access to the
company’s critical servers. Verifying a user’s identity through separate
channels—text or email, for example—helps prevent anyone from having
access to a device without first confirming his or her identity through an
alternate means of communication.
5. Maintain a separate administrator account with a unique password so
that if an IT administrator’s primary email or passwords are compromised,
hackers will still not have administrative rights to gain control of servers
and networks.

The day-to-day pressures on small- and medium-size manufacturers make it tempting to put security aside – but the potential costs grow with each passing day as more sophisticated threats emerge.

The stakes are high, but manufacturers can mitigate common threats. Simple measures like those above enacted today can go a long way toward fortifying your business for the future.

For more fraud and security tips from David Pollino visit the Your Business blog.

David Pollino
David Pollino, SVP, Fraud Prevention Officer for Bank of the West, is responsible for fraud prevention oversight and education at the bank. Pollino was recently named a top ten influencer by Bank Information Security.

Prior to joining Bank of the West, Pollino served in senior fraud prevention positions for Wells Fargo, Washington Mutual, and Charles Schwab. During his career, Pollino has also worked as an information security consultant at @stake and UUNET advising Fortune 100 companies on information security issues.

Pollino is the author of RSA Press: Wireless security, The Hacker’s Challenge Books 1, 2 and 3, and Hacking Exposed: Wireless.


Request our Media Kit

Please fill out the form below. The media kit, which includes pricing options and information on our audience will be sent to your inbox shortly.