Is Your Supply Chain a Cyber Risk To Your Business?

Understanding the cyber risks in your supply chain is crucial for business protection. From prevention to breach response, get insights on how to safeguard your business against cyber risks in today's digital world.
May 15, 2024 | Manufacturer
By: Michael S.
I have over 40 years experience in a broad range of manufacturing areas. Starting with an apprenticeship in Germany I’ve worked my way through a variety of positions within the manufacturing field. I got my start as a Tool and Die maker. I next became a supervisor of a class A tool room, then manager of a machining department. I was exposed to lean manufacturing in the mid 90s and adapted the lean philosophy. Loving and teaching the lean approach, I moved on to become a Continuous Improvement manager which led to a job as a manufacturing manager. I joined Acuity in 2015 as their manufacturing expert. I hope to evolve how manufacturers deal with and think about insurance companies, as well as be a resource to my fellow employees – enabling them to better understand the unique needs of manufacturers.

When you think about cybersecurity, payment processes and customer data may come to mind, but it is also important to think about your supply chain.

 

Unfortunately, cyber threats and attacks are real. The Identity Theft Resource Center reported 1,802 data compromises in 2022 and there are likely many more that were unreported, unnoticed, or never made public.

 

You have probably taken steps to protect your company. You may have developed a cyber policy for your business, trained your employees, added firewalls and security software, and established a guest network for visitors. You might be scanning flash drives and memory sticks before inserting them into your system and adding lengthy passwords that need to be changed frequently. You may have implemented two-factor authorization for all financial transactions regardless of size. That is a great a start, but what about your third-party vendors and customers?

 

Customers may require you to connect directly into their networks to allow communication and better visibility of order status. Or you might require suppliers to connect with your business for similar reasons. These third-party connections could expose your business to additional cyber threats. Protection needs to be a coordinated effort among all who are connecting.   

 

Before you consider letting others join your network, here are a few basic things to think about:

 

  • Shift your thinking from what you'll do if a breach occurs to what you'll do when a breach occurs. 
  • Develop a strategy that addresses both breach prevention and response.
  • Not all breaches are technical, so they cannot be prevented by technology alone. Many are caused by humans or processes. Everyone within the supply chain needs to ensure sound cybersecurity measures and practices are in place.
  • Both physical security and cybersecurity should be addressed. Hackers will exploit either to access a system.

 

When others need to join your network, some key questions to ask are: 

 

  • What are your cybersecurity processes and policies?
  • Is your process documented and repeatable?
  • Do you have a plan to mitigate potential or known cyber risks and liabilities?
  • What level of testing do you perform on your systems?
  • How do you vet suppliers that join your network?
  • What do you have in place to mitigate a breach?
  • How do you notify your network partners of data issues, a breach, or other potential problems within your network?
  • What is your process of screening:
    • New hardware and software?
    • New systems and processes?
    • New partners to your network?
  • What access controls do you have in place:
    • For internal and external users?
    • For third-party system managers?
  • How and what is encrypted?
  • How long is data retained, backed up, and or/destroyed?
  • What happens to data after the business venture is dissolved?
  • What kind of background checks are performed on employees with access to sensitive data?
  • How are you protecting intellectual property?

 

This list is by no means complete, but it can help start the discussion and aid in identifying problems and concerns before system access is allowed.

 

To help protect yourself and your partners, you could become certified in ISO/IEC 27032:2012. You can also contract with a cybersecurity firm or solution provider or connect with NIST (National Institute of Standards and Technology), which has been working with leading private and governmental institutions to develop standards for cyber protection. They are a great resource for cyber risk assessments.

 

Digitally connecting your firm to others is becoming necessary as we continue to advance our processes and business relationships. However, this does not mean you must connect to everyone. Educate yourself and ask your partners serious questions about how they are protecting themselves and their partners. Before connecting, make sure you understand what is expected of you and what you can expect of your business partners. This it totally acceptable in today’s cyber world. 

By: Michael S.
I have over 40 years experience in a broad range of manufacturing areas. Starting with an apprenticeship in Germany I’ve worked my way through a variety of positions within the manufacturing field. I got my start as a Tool and Die maker. I next became a supervisor of a class A tool room, then manager of a machining department. I was exposed to lean manufacturing in the mid 90s and adapted the lean philosophy. Loving and teaching the lean approach, I moved on to become a Continuous Improvement manager which led to a job as a manufacturing manager. I joined Acuity in 2015 as their manufacturing expert. I hope to evolve how manufacturers deal with and think about insurance companies, as well as be a resource to my fellow employees – enabling them to better understand the unique needs of manufacturers.