“Supply chains can be secured by addressing three key areas…”
Codified policies and legal agreements; defined limited access with monitoring and auditing; and robust internal IT security technology and policies.
Policies and Agreements: Companies first and foremost must ensure that any supply chain vendors have security policies and procedures that are codified, validated and certified. Validation and certification can be verified through legal certifications like HIPAA Business Associate Agreements or accredited auditor reports like a PCI Audit. Furthermore, the validity and reliability of security measures can be verified through in-house or third-party testing of systems and procedures. Contracts between companies and their relevant vendors should be drawn up to clearly outline the access and use guidelines so as to accurately allocate liability in the case of breach. These agreements should also require supply chains to notify vendors or partners of breaches in a timely manner so as to prevent further invasion or hacking of business data.
Limited Access: Additionally, security can be strengthened even further by establishing a system of limited network access for relevant vendors. Access should be as restricted as much as possible and checks and balances should be put in place to maintain this restriction. Any access by supply chain vendors or partners should be monitored and audited to ensure the appropriate nature and extent of use. As relationships with different businesses and partners will vary, there is no ‘one size fits all’ solution and levels of access will differ. Therefore, all stakeholders for those systems need to be involved in setting up the appropriate mechanisms of security, access, monitoring, auditing and management. There must also be consideration made for the fact that establishing network access for vendors can’t be handled using a ‘set it and forget it’ approach. Security mechanisms should be regularly and continually reviewed to determine areas of weakness and implement necessary changes.
Internal Security: Finally, businesses themselves must employ responsible, proactive and defensive IT strategies consistently. This includes standard IT solutions like antivirus, anti-spyware and firewall technologies but it must go further than that. Advanced IT technologies including DNS filtering, network access control and exception altering are incredible assets for secure and thorough protection. Intelligent business continuity systems should be implemented to allow for an efficient and full recovery in the event of any kind of breach. Intelligent business continuity solutions include both local and cloud-based imaging back-up solutions and the ability to reinstate systems to a point prior to the breach so as to efficiently restore business functionality.
Implementing proactive, extensive and validated IT security solutions and establishing clear and limited access guidelines for supply chain vendors are a company’s greatest defense against cyber attack. Ensuring these defense mechanisms are in place and continually monitored is critical to the protection of both business and vendor data and continued productivity.
to read the full article please click here
“Daniel and the people in his company are some of the most knowledgeable I have come across in the field. Additionally, they are responsive, do what they say, when they say, and proactively communicate, so you know what the problem is, what it will take to fix it, what it will cost and who in your company it will impact. Their solutions work the first time and are cost-effective.”