As part of its ongoing journey to being a World Class Manufacturers of Labels, Mercian Labels is currently the only UK Label Converter to be accredited to the highest ‘plus’ level of the leading UK Government endorsed, cyber security standard.
This accreditation demonstrates that the company has robust procedures and protections in place to secure their own business and give confidence to its blue-chip customers that its manufacturing facility is resilient against cyber-attacks.
Cyber Essentials Plus (CE+) is a government -backed scheme, that is independently verified by an accredited external penetration tester who conducts a series of technical assessments across various attack vectors to ensure the company is sufficiently protected. These include:
- Boundary firewalls
- Secure asset configuration
- Internal vulnerability scans
- MFA enforced accounts
- Patch management
- User access controls
- Malware protection
- Mobile assets
Dr Adrian Steele, Managing Director, Mercian Labels said: “Cyber-attacks are becoming more and more sophisticated and frequent in today’s world, and the technical controls you need to deliver a resilient manufacturing platform in labelling are very challenging.
We started our journey towards this standard 2 years ago, and are delighted to have now achieved the highest Cyber Essentials Plus standard, building our basic Cyber Essentials certification in 2021.
Our biggest customer drove our push to accredit to the top CE+ standard as the profile of work we do in high volume variable barcode labelling is particularly sensitive.
The assessment process was particularly demanding, with a cyber security hacker trying to breach our cyber defences in many different ways including firewall penetration tests, many types of email malware, malicious browser downloads, and internal vulnerability scans probing for weaknesses. Many different computers were ‘attacked’ in many different ways, and all passed the assessment.
It’s a big step up from the basic Cyber Essentials standard for us. It was particularly tough to ensure compliance on our large printing and converting machines with built in operating systems using ‘Industry 4.0 smart factory’ connections to our network and ERP systems, as these are typically built to be standalone machines and not configured to be on a secure network and resilient to attackers. As an example, in the preparation phase we discovered that one new machine was shipped with obsolete Windows 7 operating systems as recently as 2021 so upgrading them all to pass the assessment was a challenge. However modern world class factories demand high levels of interoperability and JDF connectivity, and so it had to be done. Early engagement and collaboration with our technology providers was key to this project.
Enforcing multi factor authentication for all our users and systems was also a new requirement on our staff across the business. Our team has a wide spectrum of abilities in IT like any organisation and MFA for system access was new for some.
This independent certification sets us apart from our competitors in the market and shows Mercian Labels’ customers and other stakeholders that we take the security of our information and theirs very seriously and are highly resilient against crypto locker and other potentially catastrophic attacks from threat actors”.