When you think about cybersecurity, payment processes and customer data may come to mind, but it is also important to think about your supply chain.
Unfortunately, cyber threats and attacks are real. In 2020, from January through June, there were 540 publicized data breaches and likely many more that were unreported, unnoticed, or never made public.
You have probably taken steps to protect your company. You may have developed a cyber policy for your business, trained your employees, added firewalls and security software, and established a guest network for visitors. You might be scanning flash drives and memory sticks before inserting them into your system and adding lengthy passwords that need to be changed frequently. You may have implemented two-factor authorization for all financial transactions regardless of size. That is a great start, but what about your third-party vendors and customers?
Customers may require you to connect directly into their networks to allow communication and better visibility of order status. Or you might require suppliers to connect with your business for similar reasons. These third-party connections could expose your business to additional cyber threats. Protection needs to be a coordinated effort among all who are connecting.
Before you consider letting others join your network, here are a few basic things to think about:
When others need to join your network, some key questions to ask are:
This list is by no means complete, but it can help start the discussion and aid in identifying problems and concerns before system access is allowed.
To help protect yourself and your partners, you could become certified in ISO/IEC 27032:2012. You can also contract with a cybersecurity firm or solution provider or connect with NIST (National Institute of Standards and Technology), which has been working with leading private and governmental institutions to develop standards for cyber protection. They are a great resource for cyber risk assessments.
Digitally connecting your firm to others is becoming necessary as we continue to advance our processes and business relationships. However, this does not mean you must connect to everyone. Educate yourself and ask your partners serious questions about how they are protecting themselves and their partners. Before connecting, make sure you understand what is expected of you and what you can expect of your business partners. This is totally acceptable in today’s cyber world.