Do a Technology Risk Assessment to Protect Your Shop
The road to protecting your shop’s information starts with a technology risk assessment that identifies areas to protect and areas to consider public knowledge.
State-sponsored hackers, ransomware agents, corporate spies and corporate espionage campaigns are attacking today’s manufacturing technology environments. In most cases, the bad actors never announce themselves. They gain unauthorized access to systems through well-hidden malware, quietly sitting on network devices, watching and recording traffic, data and information to steal or provide them a competitive advantage. In some cases, systems are being used to stage attacks on other organizations or store data for future use. How can a mold shop protect itself from becoming a victim?
With the ever-evolving and diverse range of technology within today’s mold shops, threats to your information are already in place or can be introduced at any time. Executives and company leaders must consider the implications of technology reliance on the organization. They must ensure their organization and customer data is protected and stays confidential, with the integrity intact, while also remaining accessible within the organization.
Three key issues molds should evaluate during a technology risk assessment:
- Ability to control cybersecurity.
- Ability to upgrade or replace systems. As shops look to stay relevant, they will need to assess their current systems to ensure they are providing an optimized solution. Shops need to upgrade old and outdated systems to newer versions and technology.
- Ability to align operations with technology. Today’s business technology needs are quickly outpacing a mold shop’s information technology functions. Executives need to ensure their organization meets the demands of their technology user base to ensure sustained levels of productivity.
Mold shops must not only assess their needs but their technology risk. Without assessing the risk associated with that technology, they may be unaware of potential financial and reputation damage. Privacy issues and cybersecurity breaches often become highly publicized incidents, which can affect your shop’s perceived integrity. Therefore, it is vital that the appropriate controls are in place to protect the confidentiality and accessibility of private information.
Mold shops must not only assess their needs but their technology risk.
Risk Management Essentials
The risk management cycle is continuous and iterative. It begins with a shop identifying the risk universe by reviewing its broadest risk areas. Once they identify the root causes, they can develop action plans to mitigate these issues.
The basic steps of the risk management process include:
1. Identify the opportunities for risk within the shop.
2. Prioritize and filter the universe to quantify the impact, probability and risk tolerance.
3. Evaluate the prioritized risk items within the universe to determine remediation or mitigation strategies. During this evaluation:
- Develop a corrective action plan to eliminate or mitigate the risk.
- Determine steps to reduce risk to an acceptable level.
- Determine whether to transfer the risk to another lower-priority process.
- Determine whether management has a plan to accept the risk.
4. Monitor each identified risk item in the universe for events or prompts that indicate a change in the risk environment or control infrastructure.
5. Revalidate risk for changes or additions in the risk universe.
Technology Risk Assessment Timing
A shop can perform a technology risk assessment at any time, but there are certain indicators for the most appropriate time. Here are some suggestions:
- Annually to support the development of a multi-year, risk-based technology audit plan.
- When new technology risks or challenges are introduced into the business or technology environment.
- When organizational changes occur.
- Along with strategic actions such as mergers, acquisitions, outsourcing or off-shoring.
- During operational initiatives including organizational restructuring, changes in technology use and new applications of technology.
- When market condition changes such as growth, globalization, downsizing or stagnation.
- When the use of technology is reactive and is not keeping pace with business demands.
- When new or updated mandates are introduced (Sarbanes-Oxley, privacy, cybersecurity or internal controls regulations or industry standards).
A shop can also use a risk assessment for technology optimization, process improvement, resource focus, valuation services and due diligence reviews.
If your business has not performed a technology risk assessment, or if an existing assessment is more than a year old, now is a good time to contact your advisor.
Without a technology risk assessment and the corresponding remediation or mitigation actions, a shop may be vulnerable to an increasing range of threats that may result in legal liability, financial impact, regulatory non-compliance (state, federal, international), reputation damage, diminished resiliency, reduced reliability or lack of integrity.
The vulnerabilities uncovered by a technology risk assessment if not mitigated could also result in a decrease in your tool shop’s valuation, impacting stock value, equity, borrowing power, liquidity or a potential merger or acquisition. Vulnerabilities could also disrupt strategic alliances, joint ventures or result in a loss of client revenues.
Technology risk assessments are key components of risk management, and they are essential to identifying the danger zones in your business and effectively control these risks. Regularly scheduled technology risk assessments should be used to update risk management plans and programs and to monitor the progress of the organization’s overall technology risk management program.
If your business has not performed a technology risk assessment, or if an existing assessment is more than a year old, now is a good time to contact your advisor.
About the Author
Timothy M. Grace, CIA, CISA, CISM, CRISC, is the director of technology risk advisory services for Mueller Prost. Michael J. Devereux II, CPA, CMP, is a partner and director of manufacturing, distribution and plastics industry services.
For More Information
Mueller Prost
314-862-2070
tgrace@muellerprost.com
mdevereux@muellerprost.com
muellerprost.com
Related Content
Editorial Guidelines: Editorial Advisory Board
The Editorial Advisory Board of MoldMaking Technology is made up of authorities with expertise within their respective business, industry, technology and profession. Their role is to advise on timely issues, trends, advances in the field, offer editorial thought and direction, review and comment on specific articles and generally act as a sounding board and a conscience for the publication.
Read MoreHow to Improve Your Current Efficiency Rate
An alternative approach to taking on more EDM-intensive work when technology and personnel investment is not an option.
Read MoreMold Design Review: The Complete Checklist
Gerardo (Jerry) Miranda III, former global tooling manager for Oakley sunglasses, reshares his complete mold design checklist, an essential part of the product time and cost-to-market process.
Read MoreMold Builder Uses Counter-Intuitive Approach for Mold Challenges
Matrix Tool Inc. answers customers’ hard questions with creative solutions for cavity spacing, tool sizing, runner layout and melt delivery that reveal the benefits of running in a smaller press size at lower cavitation but higher yield.
Read MoreRead Next
Reasons to Use Fiber Lasers for Mold Cleaning
Fiber lasers offer a simplicity, speed, control and portability, minimizing mold cleaning risks.
Read MoreHow to Use Strategic Planning Tools, Data to Manage the Human Side of Business
Q&A with Marion Wells, MMT EAB member and founder of Human Asset Management.
Read MoreHow to Use Continuing Education to Remain Competitive in Moldmaking
Continued training helps moldmakers make tooling decisions and properly use the latest cutting tool to efficiently machine high-quality molds.
Read More