Manufacturing has been the most attacked industry in the country for five years running. Unplanned downtime now averages $260,000 an hour across manufacturers. Those two facts together explain why cybersecurity has transitioned from an IT department conversation to something that the entire production chain must consider.
But none of the fixes that actually matter require an enterprise security budget or a dedicated IT staff. They're practical and affordable, and most shops can knock out the majority of this list without a single production line going down. We've spent this series digging into specific systems: ERP, MES, PLCs, and your supply chain. This post pulls it all together into one list you can actually work from.
If your office computers and your shop floor equipment sit on the same flat network, one phishing email in accounting can take down your production line. Network segmentation keeps them separate, so a problem in one area can't spread into the other.
We’d argue this is the single most important control on this list, because it can prevent many of the future issues you may face. It's also the theme running through nearly everything we've written in this series, from MES security to PLC exposure. Segmentation is what stands between a ransomware infection on an office laptop and a shutdown on your production floor.
You can't secure equipment you don't know exists. Every PLC, HMI, ERP terminal, and shop-floor tablet is a potential entry point, and most manufacturers have a longer list of connected devices than they realize.
Start with a basic inventory: what's on the network, what it talks to, and who can reach it. We covered this in detail in our ERP security post, and it applies just as much to shop-floor devices as it does to your core business systems.
A remote access tool a vendor installed two years ago for a one-time fix doesn't remove itself. It sits there, often forgotten, until someone finds it who shouldn't.
Every remote connection into your systems, vendor or otherwise, should go through a monitored, secured path, not a direct line to a machine. Review who has remote access to your systems right now. You'll probably find more than you expect.
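An added example, not from the original post, of turning that inventory into a segmentation check: it maps each observed connection to a zone and flags traffic that crosses into or out of the shop-floor network without going through the monitored jump host. The subnets, jump-host address, and flow records are constructed for illustration.

```python
import ipaddress

# Constructed inventory: one subnet per zone (hypothetical addressing).
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "ot": ipaddress.ip_network("10.20.0.0/16"),   # PLCs, HMIs, shop-floor tablets
}
# Hypothetical monitored jump host: the only approved path into the OT zone.
JUMP_HOSTS = {ipaddress.ip_address("10.10.5.10")}

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.10.1.23", "10.10.1.1", 443),      # office to office
    ("10.10.1.23", "10.20.3.7", 502),      # office laptop straight to a PLC
    ("10.10.5.10", "10.20.3.7", 3389),     # jump host into OT (approved path)
    ("203.0.113.40", "10.20.3.9", 5900),   # outside address straight to an HMI
    ("10.20.3.7", "10.20.3.8", 44818),     # OT to OT
    ("10.20.3.9", "10.10.1.50", 445),      # OT device reaching an office share
]

def zone_of(addr):
    """Return the zone name for an address, or 'external' if not inventoried."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """List flows that cross the OT boundary outside the approved path."""
    findings = []
    for src, dst, port in flows:
        s, d = zone_of(src), zone_of(dst)
        if s == d:
            continue                      # traffic stays inside one zone
        if d == "ot" and ipaddress.ip_address(src) in JUMP_HOSTS:
            continue                      # inbound via the monitored jump host
        if "ot" in (s, d):
            findings.append((src, dst, port, f"{s}->{d}"))
    return findings

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

Each finding is either a firewall rule to add or a device that belongs in the inventory under a different zone.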
Default passwords are still one of the most common ways attackers get in, whether it's a PLC, a router, or an old admin account nobody's touched in years. Combine that with multi-factor authentication on every login, especially remote and admin accounts, and you've closed off the easiest paths in.
This one costs almost nothing and takes very little time. It's also become close to mandatory for cyber insurance, which we'll get to below.
Some of your systems can be patched on a normal schedule. Others, particularly older PLCs and control systems, can't be updated without risking downtime or without the vendor even supporting patches anymore.
For the systems you can patch, do it consistently. For the ones you can't, isolate them behind segmentation and monitor them closely instead. Trying to patch a legacy controller mid-production isn't worth the risk; keeping it walled off from everything else is.
Having backups isn't the same as being able to recover from them. Organizations with tested, intact backups recover within a week nearly twice as often as those whose backups turn out to be incomplete or compromised when they actually need them.
This matters even more for production data and PLC project files, which don't restore the same way a normal file server does. If a controller gets tampered with, a clean, offline copy of its configuration is what gets your line running again instead of guessing at what changed. Our data protection approach builds this in from day one instead of treating it as an afterthought.
You wouldn't put someone on a machine without training them first, right? The same logic applies to your inbox. A meaningful share of successful attacks start with an employee clicking something they shouldn't, and that's true whether it's an office worker or someone on the shop floor with access to a terminal. Basic phishing simulations and a short annual training session go a long way. It doesn't need to be complicated to work.
When something goes wrong, the difference between a rough day and a catastrophic one usually comes down to whether anyone knows what to do first. Who gets called? What gets shut down? Who talks to customers?
These are critical questions to answer before you need to, instead of scrambling in the middle of an incident. A written plan doesn't need to be long; it just needs to exist. And everyone who'd be involved needs to know where to find it.
A large share of manufacturing breaches trace back to a third party, not a direct attack on the manufacturer itself. Your suppliers, integrators, and software vendors are all potential doors into your network, and their security posture becomes your risk the moment they're connected.
We dug into this at length in our supply chain post, which looks at how the supply chain became such a blind spot for manufacturers. The short version: ask your vendors what they're doing to protect access before you grant it, not after something goes wrong.
Here's where this list pays off twice. Cyber insurers have gotten a lot stricter about what they'll cover, and a large share of small businesses are now failing their coverage assessments outright. The controls carriers want to see (MFA, tested backups, documented training, network segmentation, written incident response plans) are part of exactly what we’re talking about here. If you haven't looked at your policy renewal requirements recently, it's worth doing before your carrier tells you your premium doubled or your coverage got denied.
None of this requires an overhaul. It requires someone walking through your network and your processes with a clear checklist, which is exactly what we do for manufacturers across Metro Denver and the Front Range through our manufacturing IT services.
Reach out and we'll walk through where you stand. Or get a head start with our cybersecurity assessment quiz to find out where your current vulnerabilities are.