The entire supply chain must be prepared for cyberattacks
Most companies depend on third parties to provide their products and services. These third parties might be responsible for your logistics, host your website, supply your office material... and could be located anywhere in the world. Technology is opening up a world of opportunities, but at the same time, it poses new threats that must not be ignored.
How does this happen?
As part of supply chain attacks, cybercriminals identify the weakest link in terms of online security and try obtain access to its systems. This way, once compromised, it is easier for them to reach other companies in the chain.
Minimise the risks
Being aware of online risks as regards your supply chain and taking measures to mitigate them will not only improve your security, but it will also help to generate trust with your customers and suppliers.
- Define your standards: define your company's risk appetite and the minimum standards for the third parties you work with. For example, using a shared web housing service is an affordable option, but you would probably prefer for your business' information to be separated from everybody else's.
- Assess your suppliers' risk regularly: when you start working with a new partner, find out more about their security controls and practices. Later on, regularly review them to make sure they are in line with the changing market trends.
- Keep your business in order: it's not just about your suppliers, you are part of the chain too. Are you taking appropriate action to protect your business online? Our 5 online security principles provide simple, practical tips so that everybody at your company can apply them.
What should you do if somebody in the chain suffers an attack?
- Establish an alert process and make sure that the employees who interact with them are informed.
- Make sure that you have a contingency plan in place about how to continue working until the problem is resolved.
- Run a comprehensive security analysis on your systems to make sure you haven't been affected.
- Change the passwords of all your accounts and programs you share with the affected third party.
If you suffer an attack, inform the members of your chain so that they can take the appropriate measures.