Supply Chain Cybersecurity Best Practices


A complex supply chain is replete with challenges, among them cybersecurity. Even where your IT team is working hard to protect your company’s networks and systems, a third party could be lax in protecting you from cyber crime.

What is a supply chain?

Supply chains are multiparty ecosystems involving many vendors and suppliers who may have access to the IT infrastructure of your business. Increased efficiency and expedited processes are possible thanks to these interconnections.  However, these connections also increase the attack surface, giving cyber criminals more possible entry points into your network.

Cyber Supply Chain Risks

Supply chain cyber attacks are on the rise, and hackers are targeting all companies in the supply chain ecosystem, from end-users to software providers to suppliers.  A recent survey indicated that of 1500 organizations located in the U.S., UK, Singapore, Switzerland and Mexico, 80% had experienced a data breach caused by a security lapse in their supply chains in the previous 12 months. 

Best Practices for Cybersecurity in the Supply Chain

To address cyber risk in the supply chain, here is an overview of some best practices to apply to all your vendors.

1. Every RFP and contract should include security requirements

Spell out the cybersecurity obligations a vendor must meet before doing business with your organization.

2. Review your current contracts to ensure your vendors have security obligations to you

Once a vendor is accepted in your formal supply chain, you should work with them to ensure they address any vulnerabilities and security gaps.  Make it a requirement that they promptly report to your organization any security breaches they discover.

3. Zero Tolerance

Products that are found to be counterfeit or do not meet specifications should be sourced elsewhere.

4. Control component purchases from approved vendors

Any products in your organization’s supply chain need to have security controls in place. Purchases of components from approved vendors must be prequalified.  If purchasing from other vendors, products should be closely inspected before acceptance. 

5. Minimize Access

Follow the principle of least privilege. Impose tight controls on access by service vendors. Use network segmentation to keep third-party vendors away from critical applications and data they do not need. Consider dividing third-party vendors that have access to the organization’s IT network into separate segments based on the services/functions they provide.

Supply chain risk management requires ongoing attention, just as your internal cybersecurity protections do.  Remember that your organization is also part of a supply chain, with an obligation to help protect your customers, business partners, vendors and employees from cyber attack. 

Consider contacting BSC Solutions Group if you have concerns about your level of cybersecurity protection. We help organizations reduce the risk of data breaches and ransomware attacks that can have financial consequences. Get started with an initial Cybersecurity Assessment followed by a Cybersecurity Strategy that fits the unique needs of your organization and your budget.

July 14, 2021 7:29:50 PM

Bill Boisvenue
