In most cases, supply chain refers to the network of companies and suppliers that help distribute and create specific products. For example, Apple Computers is one of the world’s largest supply chain employers, employing hundreds of smaller companies to produce all the individual parts needed for its laptops, iPads, smart phones and devices. It’s a lot easier to imagine supply chains in that respect, with companies contributing specific parts, but another huge supply chain is one whose end goal is not necessarily new products but services. The U.S. government employs hundreds of companies to help provide expert services and keep its daily missions and functions performing. In this case, each contractor comes with their own mitigated and unmitigated risks.
Companies in the federal, state or local supply chain are facing increasing pressure to ensure that their cybersecurity foundations are in place and are rigorous enough not to introduce vulnerabilities into government architectures or business processes. A supply chain functions like any other chain: one weak link can cause repercussions across the rest of the network. In this case, hackers could potentially enter government networks by first infiltrating an unprotected smaller company down the chain. When a high-profile breach is attributed to a sub-contractor that was found to have inadequate cybersecurity practices or solutions, that sub-contractor can be released from its contract and can acquire a reputation that affects it over the longer term. Depending on the industry, they may also have to comply with National Industrial Security Program Operating Manual (NISPOM) requirements, under which companies must report breaches of classified information to the appropriate federal agencies or risk other consequences.
So, what should you do?
Research shows that as much as 43% of all cyber attacks target small businesses. Knowing this, there are basic precautions that every company can take to make it more difficult for hackers to access its systems.
1. Application whitelisting
   Application whitelisting refers to the practice of specifying which applications and programs are approved and permitted to be active on a network or platform. In general, applications known to be good and secure should be whitelisted and everything else should be blacklisted by default. This would require administrator permission to install anything on a computer, making it more difficult for malicious software to install itself.
2. Employee training
   Even basic employee training has been shown to have positive effects on a company’s cybersecurity. As most hacks and breaches come as a result of employee negligence or accident, having employees aware of what phishing is and being suspicious of emails is only going to improve your cybersecurity. This article provides a list of helpful training options.
3. Patch applications
   Make sure you are updating your computer and software when you get those notifications. Although annoying in the moment, patching is the best way to fix security issues and bugs that the developers have found in their programs, which are sometimes the way that hackers get in.
It’s pretty straightforward to make sure your company is not the weakest link in the chain. By implementing these basic security procedures, you are better positioned to protect your company, your client data, and your position in the supply chain. For more specific information on the needs of your company, contact WhiteHawk Consulting Services for a complimentary business risk profile.