How Your Supply Chain Can Impact Cybersecurity
When you think about organizations with a supply chain, the first industries that likely come to mind are grocery, retail and manufacturing. But, the truth is, all companies have a supply chain. Your supply chain involves the software and applications you install, the companies you do business with, and the hardware you use.
This supply chain can create a number of vulnerabilities in your network, so it’s important to not only focus on your own cybersecurity efforts, but to also be aware of the organizations you partner with and their security practices.
Who is in my Supply Chain?
Practically every company has a place in the supply chain, and supply chains are evolving to be as much about the flow of information as they are about the flow of goods and services.
You may recall a recent cyberattack on a major U.S. information technology firm called SolarWinds. This firm was the subject of a devastating attack that began on its network, then spread to its clients and went undetected for months. The SolarWinds hack was a perfect illustration of how one link can impact the entire chain.
Companies that may be in your supply chain include:
Managed service provider
Internet service provider
Software-as-a-Service companies like Salesforce, QuickBooks, or Microsoft 365
Hardware vendors, such as the makers of your credit card readers or computers
Apps used in your line of business
Building owner
Even the restaurants your employees use their company card at
The simple answer is: any company that has access to your network, either physically or digitally, can be included in your supply chain.
At Kotman Technology, we understand the role we play in your supply chain. Therefore, we make cybersecurity a priority for our own network. Each year, we perform a third-party cybersecurity audit to ensure our network remains secured.
Strategies for Securing Your Supply Chain
Each organization has its part to play in securing the supply chain. Unfortunately, we can’t protect against every possible scenario or know for certain that a member of our supply chain is doing their part. However, you can take steps to ensure your supply chain has minimal effect on your network.
1. Initiate A Thorough Process Of Discovery
The first step in securing your supply chain is to initiate a thorough process of discovery and understanding. You simply have to find out what and who are in your ecosystem. This includes every vendor, software and service provider, hardware manufacturer, etc.
You should also take this time to gain a clear understanding of what aspects of your infrastructure you have control over and where there are elements you have to rely on others to secure.
2. Ask the Hard Questions
Now that you have your list of suppliers, it’s time to make a list of questions to ask them about their own security practices. Do they have true multi-factor authentication in place? Do they conduct regular cybersecurity training with their staff? Do they have cybersecurity insurance in case a breach affects your operations? The goal is to make sure they are doing what they can to secure their systems. This will ultimately help keep your data secured as well.
3. Mitigate the Risks
Once you know where potential risks may affect your supply chain, you can begin a process of mitigating the damage they could cause. This can be done by:
Designing your business and security processes such that your most critical assets are insulated from vendor vulnerabilities.
Requiring vendors to provide evidence of certifications and other compliance initiatives that prove they’ve met certain baseline security standards.
Segmenting your systems so that, in the event of a breach, you can pull the kill switch on one system or process without all the others grinding to a halt.
If you find that one of your supply chain companies has extremely lax security, or is too much of a threat to your business, find an alternative.
Your business is too important to simply hope that your supply chain is doing their part to keep you secure. If the process detailed above sounds daunting, it’s because it absolutely can be.
If you currently work with a third-party IT firm, they have likely already completed the above steps for you, and may have even suggested software and hardware vendors that are on their “approved list”. If your IT firm is not actively securing your supply chain for you, then it’s time they started doing so, or time for you to cut ties with a weak supply chain link.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.