May 2017 | Commentary | Risks and Rewards

5 Steps to Protect Your Supply Chain From Cyber Threats

Tags: Security, Risk Management, Logistics, Supply Chain

With cyber threats affecting organizations worldwide, warding off cyber attacks and protecting against cyber espionage is becoming a top priority across industries. Manufacturers, distributors, and organizations, however, are not doing enough to make supply chains more resilient and prepared.

Whether your business is large or small, a startup or 40-year veteran, major security issues stem from not actively assessing your risk profile. Organizations can take the following five steps to limit the risks associated with cyber threats, and protect the supply chain:

  1. Put an incident plan in place.Well-planned decision making in the era of cyber risk is an important factor in protecting a company, and ultimately, a supply chain. When it comes to cyber threats, you need a response program in place before a breach happens. By drafting and implementing a strong plan, companies can take the necessary steps to address weaknesses and avoid becoming the target of the next attack.
  2. Conduct penetration testing every year. Companies should assess their risk profile and address weaknesses. Only one-third of companies surveyed in Sikich's 2016 Manufacturing Report say they conduct penetration testing annually. By conducting vulnerability scanning, companies can protect their supply chain, patents, designs, and more from falling victim to a cyber threat.
  3. Don't be the weak link. Whether warehouse worker or CEO, security is everyone's job. From locking the office door when you leave for the night to encrypting confidential files on a server or in an email—every person and action plays a vital role in ensuring the organization's safety. Hold all employees accountable for their actions, and provide a basic understanding of cyber security, the risks, and how to ward off threats. This can prevent your company and supply chain from becoming the weak link and an easy target.
  4. Add depth and breadth to basic security practices. Organizations should raise awareness among employees and protect their community—steps that can make a company more attractive to potential customers. So what can organizations do? Some companies require employees to change their passwords every 90 days. Others choose to have key cards over keys for entering secure areas in order to record entry and exit data. Each company has unique needs, but can benefit from understanding best practices and making decisions based on its risk appetite.
  5. Build security assurances into vendor agreements. While third-party vendors aren't employees of your organization, they do work for you and should be held to the same—if not higher—level of accountability. Companies should consider working with their legal teams to add security elements into vendor and partner agreements—such as an incident response plan and data security policy in addition to requiring all third parties to test those plans in joint exercises.

Adopting and implementing cyber-security standards build a safer environment for supply chain operations. Cyber criminals are relentless; not investing in cyber-security measures could derail your business. Taking proactive measures now can close that critical gap in your organization's security.






Visit Our Sponsors