COLUMN: Federal review turns to role of small and medium-sized businesses in supply chain



California’s role in the global supply chain, with its wide exposure to the east, is unmatched, but it is also threatened by cyberattacks. State enterprises not only need to protect themselves from devastating attacks; they also need to know their place in this sprawling supply chain and how much overall security depends on them.

Many small and medium-sized enterprises (SMEs) do not think they will be targeted, or find it difficult to see how critical they are to the supply chain. Yet just last month, federal officials warned of expanding hacking campaigns against SMEs used as a conduit to their more valuable customers further down the supply chain. The reputational liability of these attacks is already huge for SMEs and growing rapidly.

The federal government is increasingly making tools and resources available to help companies that are important to the supply chain, no matter how small. Just last week, the Department of Homeland Security’s Critical Infrastructure Security Agency launched a new set of tools to help companies monitor certain technical functions for risk.

This is a particularly difficult time, as SMEs face a very different kind of supply chain risk: delivery delays and skyrocketing costs. Many small businesses have fewer resources than ever to deal with other threats. The reality, however, is that cybersecurity scrutiny of all businesses is only going to increase. In particular, companies that are part of the information and communications technology (ICT) supply chain are increasingly under the microscope of federal authorities because of their interconnected importance to every critical function in the United States. Fortunately, there are a number of free and inexpensive ways to start focusing on this important issue.

A quick start to better manage supply chain risks:

  1. Know thyself: As a small business owner, no one knows your business better than you. If any of your clients fall into one of DHS’s 17 critical infrastructure categories, you are supporting a critical function. Consider segregating the clients that fall into these categories and making sure you pay extra attention to the security protocols you follow with them.
  2. Focus on resilience: Do you have adequate backups to keep you running even in the event of an outage? Can you recover quickly from a ransomware incident? Have you trained your employees to avoid phishing emails and to ignore fraudulent attempts to change transfer information? Training doesn’t have to be formal, expensive or time-consuming – it can be as simple as a company-wide email notifying your employees of a specific threat and asking them to take a specific measure to avoid it, e.g.: “Scammers are constantly trying to get private information about our employees. Never give out W-2 information over the phone without confirmation from the HR manager.”
  3. Protect data stored on end-of-life devices: Companies do not pay enough attention to the data storage technologies they use and what happens to that technology at the end of its life. For environmental, regulatory and sustainability reasons, these devices should be recycled responsibly, and when that happens, the process should always include complete physical destruction of the data. Guaranteed data destruction is key. Some companies assume their data is erased when they drop off devices for recycling, and that is not always the case. In addition, the unethical and illegal shipment of electronic waste abroad has added another layer to the physical security problem, because it undermines both national security and the privacy of US businesses and individuals. Recycling these devices is important, but it must be done the right way. Make sure your e-waste recycler is NAID approved.

Kate Fazzini is CEO of Flore Albo SARL, assistant professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Baffling Adventures in the World of Cybercrime and was a cybersecurity reporter for the Wall Street Journal and CNBC.

John Shegerian is co-founder and CEO of IRA, the nation’s leading fully integrated computing and electronic asset disposal provider and cybersecurity-focused hardware destruction company. The first five readers who email this address will receive a free signed copy of John’s new book, The Insecurity of Everything.
