Manufacturer Embraces Information Security as Value Proposition
A major factor in micro parts
Accumold is one of the World Leaders in Micro Molding Solutions, with more than 30 years dedicated to micro injection molding and tooling. Over the past three decades, demand has increased for small technologies resulting in the need for smaller, more precise micro moldings. Throughout this time, Accumold has differentiated itself from its competition by committing to delivering high-volume, small, complex micro injection molded parts with high quality and fast turn-around.
Their dedication to excellence has made Accumold a highly revered manufacturer of micro molded parts. Being a leader in the industry comes with elevated expectations. With some of the largest technology and medical device companies as customers, Accumold is entrusted with coveted trade secrets, intellectual property, and data.
Identifying the need
In early 2013, Accumold’s technology and basic cybersecurity functions were led by their two-person IT department. As information security challenges widened and client demands for protection and privacy grew, Accumold realized an immediate need to add information security expertise to their team. "Our clients expect us to protect their data as they do, if not better than they do," shared Tysen Landmesser, Information Technology Manager at Accumold LLC.
Upon recognizing the need to expand their information security proficiency, Accumold leadership was faced with the decision to either hire a full time individual to implement and run their security program or select a specialized security provider to lead the charge.
A full-time employee would be in-house and available all day, every day, which was an appealing thought. The challenge with one employee is finding an individual who could deliver on all the security demands of Accumold and its clients. The individual would need the experience of a CISO and the tactical execution of an analyst, and with all the experience and security knowledge, the cost of that employee could easily reach $200,000 with salary and benefits.
With an understanding of what it would take to bring a security professional on staff, Accumold began searching for options in the outsourced security provider space for comparison. Through this process, three information security consulting companies were selected to compete for the outsourced CISO service.
During their search, Accumold realized they were looking for more than a security provider, they were searching for a competitive advantage. They were already leaders in micro molding, but it was time to lead their industry in information security practices as well. Clients were pressuring Accumold to provide proof of confidentiality and integrity of their data. Accumold saw this as an opportunity to instill confidence in their clients by being proactive with their security program and preparing for the challenges ahead.
Making the selection
In the end, Accumold identified Pratum’s Virtual CISO (vCISO) service as the option that aligned best with their internal security goals and competitive aspirations. To advance their information security, they were going to need help from more than one person.
I know with Pratum as my vCISO, I not only have the lead consultant available to me but the entire Pratum team I can call on if I am needing something. Our clients require us to be available 24/7 and I know I have access to Pratum 24/7, and when I go home at night I feel safer having Pratum on my side. It’s a safety net.Tysen Landmesser Information Technology Manager - Accumold LLC
Not only did Accumold gain access to an entire team of security professionals, the customization of Pratum’s vCISO service enabled them to select a program that costs a quarter of the price of a full-time CISO.
When Accumold began their partnership with Pratum they expressed concern about Pratum’s ability to keep up with their needs. Tysen remembers Pratum’s CEO Dave Nelson following up by saying, “We will move as fast as you can.” The quote still sticks out in Tysen’s mind 6 years later. “Pratum’s level of preparedness showed through right away,” said Tysen, “We even tried to “outrun” Pratum for the first six months but couldn’t”.
Enjoying the results
The Pratum team developed a security program and schedule that aligned with Accumold’s desired speed. The relationship has been symbiotic from the beginning. If there are projects Accumold wants completed quickly, Pratum is up to the challenge. If Accumold needs to slow down to catch up with other responsibilities, the Pratum team makes sure not to overwhelm them.
Since partnering, Pratum has helped Accumold achieve notable security accomplishments, such as:
Increasing employee awareness of email phishing
Instead of opening and clicking on suspicious emails, employees identifying deceptive emails and reporting them to the IT department. Industry average for employees who click on email phishing is at 34%, while Accumold’s employees are well below the average at 9.1%.
Improving physical security of manufacturing facilities
To ensure precision of micro molded parts with unique requirements, Accumold provides isolated clean rooms, as well as temperature and moisture-controlled facilities for production. Contamination of these rooms, or even the smallest impurity, can alter part geometry, rendering it useless, which is why facility security is top of mind for Accumold and its clients.
To help Accumold assess their physical security and identify areas of needed improvement, Pratum performs organized facility infiltration testing. Consultants are tasked with attempting to socially engineer their way into secured facilities. The reports provided from these tests have helped guide Accumold in reconfiguring their facility and making updates to guest check-in and access control technology.
Exceeding clients’ security expectations
Clients not only demand the final output of their products to be perfect, they expect their R&D and product designs to remain secure and protected from outside parties. To ensure client data is protected, Pratum provides Accumold with guidance to grow their security program along with their business. This guidance includes insight into security best practices and emerging security threats.
Preparing and documenting an Incident Response Plan
Organizations that wait for a security incident before creating a plan will always be left to scramble for answers. Accumold has taken the proactive approach by working with Pratum to develop an incident response plan that guides every move when responding to security incidents. Developing the plan has also enabled Accumold to introduce new security controls that help reduce the risk of a breach happening.
Developing and implementing security policies and procedures
As Accumold grows, new employees, technologies, and business processes are being introduced into their environment. The continual changes warrant regular updates and adjustments to policies and procedures. To ensure the implementation of these changes doesn’t introduce additional risk, Pratum discusses these changes with Accumold each month and guides the policy and procedure development process.
Pratum has always done what they’ve said they would do, and I see them in our 5-year plan as we move forward.Tysen Landmesser Information Technology Manager - Accumold LLC
As security challenges shift and client demands change, Accumold continues to deliver the highest quality products while relying on Pratum to help them protect client data. Pratum and Accumold continue to prioritize security needs and work through challenges together. vCISO is beyond a security service, it is a lasting business partnership.