Is a Password Enough Protection For Your Supply Chain?

Pip Courcoux, Sales and Product Manager – CLIQ Systems at Abloy UK, discusses the current issues around cyber security and explains why organisations must assess the resilience of their suppliers to minimise the risk of attack.

The landscape of security and access control has changed over the last decade, with the introduction of technology that allows for traceability and time management within mechanical keys.

This has meant the conversation has changed – Passkeys, Cryptographic keys, Encryption keys are all becoming more commonplace. By default, we’ve become obsessed with cyber security, and high-profile cases and examples of data theft and loss are rife.

Research shows that 93% of large organisations and 87% of small businesses experienced a security breach in 2013, with affected companies experiencing roughly 50% more breaches than in 2012[1].

Although keys provide access to critical assets, including servers that hold customer data and provide access to offices where customers’ accounts are managed, we see many organisations that don’t know how many keys they have in circulation, or where they are at any given time.

The supply chain

For organisations handling any kind of data, great importance must be placed on resilience within the supply chain. When considering exposure to risk, physical supply chain management presents a number of unique challenges.

Add to this the complex risks that cyber security poses, and ensuring a safe supply chain environment can seem like an impossible task. How ‘stable’ are your suppliers, do you know where they get their products from, how safe and protected are their assets, and how robust are their own relationships with their suppliers?

Mitigating risk can involve identifying dependencies and vulnerabilities that can impact upon supply chains. Increasing the visibility of these areas allows organisations to anticipate their impact and to plan for the contingencies.

Data protection

When it comes to the security of your data, areas that need to be considered include:

What information are you sharing within your supply chain?

Where is the data located?

What are your suppliers doing with that information?

Are they reselling that data?

Is there a data controller and processing agreement in place?

Are they prepared for compliance to the General Data Protection Regulation (GDPR)? Enforcement date: 25^th May 2018.

How would you deal with a data breach?

The GDPR is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently operating throughout the EU’s member states and facilitates the secure, free flow of data.

If an organisation fails to comply with the Regulation it could be fined up to 4% of the company’s global annual turnover – and could severely damage its reputation.

(Source: Abloy UK)

[1] https://www.gov.uk/government/publications/information-security-breaches-survey-2013-technical-report