Issue link: https://iconnect007.uberflip.com/i/1419905
OCTOBER 2021 I PCB007 MAGAZINE 45 domino effect that impacted virtually every piece of equipment we had in the plant. We had to have the internet, which communicates out- side, made secure; and intranet, which com- municates inside the facility, be able to quar- antine information that was on older systems allegedly vulnerable to cyber hacking. Now it must be Windows 10 soware and not any- thing older than that. We have DOS still run- ning in our building. We have some of our old Excellon machines that work great, but the soware is ancient. We needed to find a lot of workarounds to make sure that the data coming in and out of the building was secure and nobody could get it. Once it was in the building, we had new protocols and, in some cases, new methods for communicating with equipment that was offline and safeguards to make sure that the offline data did not end up in an online envi- ronment. All that requires additional servers, and not just hardware, but process and pro- cedure changes. at was what surprised me, because I thought it was going to be rather sim- ple—we update the computers, we update the server, done deal. Instead, we discovered it required buying expensive stuff, like switches, servers, and all kinds of equipment which you don't think about; you don't think about the expense and it can begin to add up. To update some of our equipment, we had to have new methods for when suppliers come in with a laptop and they want to update the so- ware; in a secure IT environment, they can't do that. Now they must go through a different protocol, which none of them like because it's a real nuisance; we understand that, but you must do it. Even with equipment you don't think about, like controllers for heating and air conditioning, suddenly they have to be secure. It was just kind of a surprise. We're a small company; we don't have an IT staff that can race around and do it all, so we had to change how we operate. We had to find an IT company which had expertise in security and compliance. Previ- ously, we had someone who would come in and fix stuff, and he was wonderful, but he had no interest in worrying about whether it's HIPAA-compliant, SEC-compliant, or cyber DoD-compliant; he didn't want to do that. We had to bring in a firm and get them up to speed on what we do. All that time and effort was a surprise, and as difficult as it was for us, I'm sure every company in the industry is going through something similar. I really feel that it's a scalable expense. Whatever I spent, you could probably just take the company's sales and use the multiplier against our cost and it's probably going to be that kind of a cost for them. ere's no cheap way out. I don't think there's any economies of scale. e more facilities you have, the more lines you have, the more people you have, the more issues come up that need to be dealt with. Now you're paying for licenses for every- one's email accounts, so they are able to two- factor authenticate everything they do. It's been extremely interesting. As you may know, I've been frequently on the Execu- tive Agent calls and various IPC committees on 219B, 1791, and so on. I keep telling them I'm the poster child of the small guy, so if I'm telling you I can't afford to do it, or I can't do it, that means that there are a lot of other companies, maybe outside our industry, that are going to be in the same awkward position of having to make "Sophie's choice." What do you do next? The more facilities you have, the more lines you have, the more people you have, the more issues come up that need to be dealt with.