Understanding your risk: The reality of cyberattacks on a woodworking business
By Erin Selfe and Tony McFelin

There are significant challenges to operating a successful and profitable woodworking business in today’s climate. The most visible challenges include the increased cost of building materials, higher interest rates, labor shortages and logistics. There is, however, an additional concern that is sometimes overlooked yet can severely impact your woodworking business: cyberattacks.

What constitutes a cyber security event? A cyberattack commonly involves hackers attempting to damage or destroy a computer network or system. Sensitive information and confidential data may be accessed and used by the hackers for illegal purposes.      

As more businesses shifted operations online during the pandemic, cyber exposures have grown significantly. While woodworking businesses may think their online risk exposure is limited compared to a large financial company or online retailer, they are wrong. Cyberattacks occur in all industries from agriculture to construction to professional services and healthcare. And the risk of a cyberattack is not going away. In fact, according to data from ThoughtLab, cyber incidents increased in 2021 by 15.1%, with a 24.5% increase in material breaches.

Verizon’s 2022 Data Breach Investigation Report (DBIR) found 2,337 data breach related incidents reported in the manufacturing industry, which includes woodworking businesses. The report also highlighted how system intrusion and basic web app attacks are on the rise in this sector, at levels higher than the average of other industries.

Imagine your woodworking business having a cyber event that disrupts your office computer systems along with any high-technology manufacturing equipment, including CNC machines and optimizing saws. Think of the damage that would ensue at your woodworking facility if your computer systems were hacked and the software that instructs the optimizing or rip saws on the proper dimensions for cutting material were lost. Maybe an employee could jump in and type in the proper dimensions – assuming the organization had the information documented somewhere. But even if a human could take over for the machine, the work would undoubtedly be done at a much slower pace and there likely would be considerably more room for error.

When it comes down to it, woodshops are as much at risk for a cyberattack as any other business. In fact, they could be even more susceptible because they often do not have robust cyber plans and protocols in place.

What is the risk?
Cyberattacks have the potential to cause considerable damage to businesses in the wood niche and consumers at any time. Industries like woodworking rely more today on computerized interconnectivity and smart automation, including automated shipping yards, robotics, and much more. This dependence on technology leads to an increase in cyberattack risk in areas across the business, including:

  • Supply Chain – As a woodworking business owner, you may rely on a third party to receive your epoxy or adhesives. What happens if your vendor is down because of a cyberattack? Can you still produce your product? A cyberattack at any point along the chain can have major consequences.
  • Utility – Recent years have seen higher risk of nation-state attacks, where utilities are targeted and shut down. What happens if your business operations are impacted by a lack of water or access to another major utility? This could lead to faulty production, followed by possible insurance claims and litigation.
  • Sales and Customer Service – We frequently see denial-of-service attacks, which can be a major problem for woodworking businesses. If a third-party vendor is infiltrated, your business may not be able to purchase their product at the time you need it. 
  • Process Control – Process control is critical to delivering the right product to customers. Process control systems often involve third-party access, and if there’s a vendor attack on that third party, it can derail operations entirely.

Lastly, and perhaps most importantly, your vendors may expect proof of a strong cyber program from your business. Your operations are part of the supply chain and if your business is halted or damaged by a cyberattack, not only will you struggle to meet your client’s needs, but your partner relationships could suffer.

How you can prepare
Beyond the basic security steps, such as changing passwords and two-factor authentication, there are several more comprehensive recommendations to mitigate cyber exposures:

  • Thorough Risk Assessments: We always recommend businesses conduct thorough risk assessments with cyber partners skilled in manufacturing and woodworking. These partners, such as a specialty insurer who knows the wood niche, will understand and help to identify and assess the typical risks that could plague their business.
  • Build a Backup and Business Continuity Plan: In the event cyber threats do infiltrate your supply chain, do you have secondary suppliers, supplementary materials and a list of trucking carriers you could rely on? Build out a continuity plan so your business will be able to operate in the event of a setback.
  • Hold Security Training: Train staff on security awareness and best practices. There are several resources easily available, including www.cisa.gov/stopransomware and CISA’s Shields Up page, which offers comprehensive details on safety best practices for small and large businesses.
  • Check Your Access Control Management: Make sure your process control systems are up to date. We have seen businesses that don’t realize their systems are running on a 1980s server, and when they suddenly lose access, no one has the password for the systems that control every cut of their moldings.
  • Develop USB Device Management Protocol: We have heard plenty of stories about manufacturing plants where people have been able to siphon off major company logins by just walking in and using a USB drive. We highly recommend businesses block USB access so if someone walks in, they can’t access significant company data.
  • Check Your Vendors’ Cyber Policies: In addition to maintaining cyber protocols at your woodworking business, it’s important to expect proper cyber mitigation practices from your business partners as well. Before engaging in business and sharing proprietary information, take steps to limit the potential impact on your business should your partner experience a breach.

As cyber threats continue to rise among our peers in the wood niche and around the world, employing proper cyber mitigation practices and requiring the use of cyber safety protocols from your business partners is essential. Taking the time now to establish proper cyber protocol can protect your business to ensure profitable operations well into the future.

Source: Authored by Erin Selfe, Vice President, Information Technology, Pennsylvania Lumbermens Mutual Insurance Company and Tony McFelin, Managing Consultant, BTB Security. 
 
