Supply chain attacks are increasingly common and they don’t only happen to big-name businesses.
Wondering what a supply chain attack might look like for you?
- Upstream example: perhaps your supplier updates their software but, unknown to them, that update contains malware. Your supplier’s system is now compromised, and any information that they hold about you is now available to the attacker. Did your supplier hold any of your information—about you, your business or your customers? Did your supplier have login details to any of your systems?
- Downstream example: an attacker compromises the product or service you provide to your customers while it is in transit, so that your customers do not receive the secure and well-functioning item they expect from you. Your reputation—and therefore your business—is now at risk.
Protecting your supply chain: supply chain mapping
The first step is to map your supply chain, so that you understand who your suppliers are. If you are a tiny organisation, this is likely to be fairly straightforward. It’s still worth doing. The resulting register will serve as a useful document as part of your business continuity planning. And you may find that you can reduce your outgoings if you no longer need something that you are currently paying for.
However, once your business gets bigger, mapping your supply chain can become more difficult. You may need to go through a multi-stage mapping process:
- Going through payment records to see what purchases have been made
- Asking people what products/services they use to do their work day-to-day
- And working through the end-to-end work-flow of your organisation to see what you might have missed.
Don’t forget:
- If different departments in your organisation control their own budget, they may be using suppliers that you aren’t aware of.
- Not all suppliers are paid-for. Is anyone in your organisation using a free service to support their work? And would it cause a problem to your work-flow if that service became unavailable?
- Depending on the way purchasing works in your organisation, you may need to look at:
  - the invoices you have received
  - records of company credit card purchases
  - and even expense claims.
- Some suppliers may be so fundamental that people don’t think of them when listing out what they need to do their work (utilities, for example).
- Others may be infrequently used, but vital when they are needed, so they can be easily forgotten when not in use.
- Some may not even be thought of as suppliers—perhaps some small utility integrated with the organisation’s systems a while ago that has become essential to productivity, but is no longer even noticed.
In future blog posts, we will look at what you can do to protect the security of your supply chain now that you’ve mapped it out.
In the meantime, if you’d like some help with your supply chain security, contact us for a chat, to see how we can help.