- June 9, 2020
- Posted by: Chad Gniffke
- Category: Network Security
Often you will hear about the supply chain as it relates to grocery stores or restaurants, but the supply chain actually has a very real impact on every business's network security. Essentially, your supply chain involves the software you install, the companies you choose to work with, and the hardware you purchase.
Who is in my supply chain?
In this sense, an IT Support Company like briteCITY is part of your supply chain. If something were to happen on our network, it could very likely affect your network security. This is one reason briteCITY takes network security very seriously.
Other companies that are in your supply chain would include your:
- Internet service provider
- Software-as-a-Service company like Salesforce, QuickBooks, or Microsoft 365
- Building owner
- Hardware vendors like your credit card readers or PCs
- Line of Business apps
- Even the restaurant you order lunch from!
Really, any company that has access to your network, whether physically, through software or hardware, or through the internet, can be included in your supply chain.
For example, the person that brings your lunch into your business could leave behind a device that starts a Denial of Service attack on your network.
How can we ensure our supply chain is secure?
This is definitely the million-dollar question. Obviously, it would be nearly impossible to protect against every possible scenario. You can, however, put some best practices in place to make sure your supply chain has minimal effect on your network.
1. Ask Questions
One of the best things you can do is ask the hard questions of your supply chain. Ask them about their security practices. Do they have true multi-factor authentication in place for their systems, both the internal ones and the ones you use? Find out if they have cybersecurity insurance in case a breach affects your operations. Essentially, make sure they are doing what they can to ensure the security of their systems, which will in turn help keep your data secured.
Next, you first need to make note of your supply chain. If you can, go deeper and find out the supply chain of your supply chain. Once you have your list in place, go through each company and make note of the damage that could take place if there was a breach at that company. Would your customers' data be in jeopardy? Would your systems be offline for an extended period of time?
Figure out exactly how their security breach will affect your company and make a plan for how you will alleviate the situation. Who would you need to notify due to privacy laws and restrictions? Would you need to change vendors? What will the fallout be to your business reputation?
3. Minimize the damage
Find out how you can cut the link to the individual company in your supply chain as quickly as possible in the event of a breach. Do you have a backup system in place in case their systems go offline? In the event of a breach at one of the companies, execute on the plans you have already put in place. Hopefully this will keep the damage done to your company to a minimum.
If you find that one of your supply chain companies has extremely lax security, or is too much of a threat to your business, cut ties with them sooner rather than later. You would hate to wish you had done something after a breach happens.