Like buying a house, the supply chain works well when everyone is going at the same pace and has the same agenda i.e. to move out or move in on a certain date. But it only takes one weak link for the whole chain to fall apart.
When it comes to the supply chain it’s the same. However nowadays there is an additional threat to smooth running operations. It comes from both internal and external sources and you won’t notice until it is too late. The threat is cyber security.
Warehousing is no longer a manual operation. Increasingly, businesses depend on JiT (Just in Time) manufacturing, and of course the connectivity of Industry 4.0 supply couldn’t work without efficient and safe IT systems.
Helen Barge, managing director of Risk Evolves, which helps business understand and manage risk, warns that many businesses don’t realise they need to ensure their suppliers are as security conscious as themselves.
Helen said: “New EU legislation is coming in May 2018 which will give a wider reach to implement fines to companies that breach data laws. You may not be at fault, but your supplier is. Now, it is likely you will both be fined.”
So where are the dangers for the warehousing and logistics sector?
• Software: This must be maintained and kept up to date.
• Vulnerability: Run a vulnerability scan. This will show you the holes in your network and should be done routinely either by your IT Department or your IT supplier. Amazingly, security cameras – so essential in warehouses – have been targeted by hackers in the past.
• Access: Who has access to your systems and data, why have they got access and is it still needed?
• Staff: They are the targets for phishing attacks. Just one click on a link could lock down your system for hours
• Suppliers: Check what your suppliers have in place in terms of cyber resiliency. Are you making your own company vulnerable because of weaknesses in their system?
Helen said: “When you have found a good supplier cyber security is probably the last thing on your mind. So when you are doing your normal procurement checks, then add an information security check too.”
Her advice is to ask suppliers for evidence such as the government backed Cyber Essentials (CE) certificate. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyberattacks. https://www.cyberaware.gov.uk/cybe ressentials/docs.html Other certifications include ISO 27001 or, for smaller organisations, IASME. While CE performs an ‘MOT’ type annual assessment on an organisation, ISO27001 or IASME deliver ongoing process to ensure compliance. These controls are necessary as information is one of the most valuable assets that a business owns.
As Helen said you may not be at fault, but that won’t wash with your customers or legislators. Now, wherever you are in the supply chain, you are your brother’s internet keeper.
RISK EVOLVES
Helen Barge
Tel: 01926 800710
Comments are closed.