IT Security in Your Supply Chain


With the level of connectedness in our world, including dependence on hosted applications and cloud computing, the IT security of your supply chain has become just as important as your own. You may have been diligent in protecting your corporate network and data, but what if your vendors or partners have not? Examples of this can easily be found in the news. Of particular note was the “NotPetya” attack in the summer of 2017. This attack was first aimed at Ukraine, but it went on to cripple hundreds of companies, from global shipping giant Maersk all the way to a Pennsylvania hospital, with an estimated $10 billion in losses. It is an example of a ransomware attack that quickly spread to organizations that were not directly connected to the original targets.

According to a recent Gartner study, 70% of business and IT executives say they have no idea how well protected their third-party vendors or partners are when it comes to IT security. Most say they rely on trust alone.

Getting your own house in order with respect to your IT security is a tall order in itself.  Extending that to your vendors and partners, of which there may be many, can be a daunting task. 

Here are some suggestions:

Effective, routine employee training programs need to be a priority and a requirement. Your people need to understand the cybersecurity risk landscape and how to mitigate those risks. They also need to understand the repercussions that can come from leaking information, whether accidentally or maliciously: contractual penalties, legal costs, loss of reputation and loss of customers. Since employees are by far your greatest risk factor, making them as aware and vigilant as possible is a must.

Just as you need policies and controls in place to protect your organization, you should require the same of your vendors and partners. As an example, clear guidelines need to be in place for all users handling data and intellectual property, regardless of their employment status, the device being used, or their location.

Ensuring that your vendors and partners are complying with your required policies and controls is important. Consider the consequences if one of your vendors has a security breach that affects your customers: your organization could potentially be held equally responsible. This compliance should be verified on a regular basis, not assumed.

Your data, once handled by various vendors, most likely travels beyond their networks and is potentially exposed to the many other vendors and third parties they do business with. You have a right to know what that data flow is and who might come in contact with your data. Ask to see a data flow diagram.

To summarize, in order to have an acceptable level of IT security in your supply chain, your organization’s IT security practices and policies must extend beyond your own network. If they do not, one of your vendors or partners could be the weak link in the chain that brings a cybersecurity nightmare to your doorstep.

To learn more about cybersecurity best practices, contact us.

September 17, 2019 4:02:31 PM

Bill Boisvenue
