We continue our Managing Your Supply Chain Series and our next topic is Cybersecurity.

Cybersecurity has become more of an issue in recent years.  Some Customers may require proof of your Cybersecurity prevention practices or possibly your certification of being CMMC Level 3 compliant.  In any case, no matter what your Customers require, it’s still important for you to take a few preventative measures to protect your company’s computers, data and employees.

Last April, we posted a detailed blog post on the path to getting officially Cybersecurity compliant (The Million Dollar Risk of NOT Being Cybersecurity Compliant) and we won’t revisit that material here.  In this article, we’ll touch on a couple of obvious opportunities and challenges pertaining to Cybersecurity, as you operate your business and deal with your Vendors.

Since we are both a Vendor to some companies and a Customer to others, we deal with both aspects of the challenges of maintaining Cybersecurity.

This week, we’ll review three questions about the biggest things to consider as you maintain Cybersecurity for your company up and down your Supply Chain:

1. What is the biggest threat to your Cybersecurity?

The word Cybersecurity brings to your mind movie plots about sinister plots to take over the world.  Attackers that have evil intent to cause harm and execute a diabolical plan to ruin you and your company.

The fact is that, as a smaller company, you’re not much of a target for such a specific plot.  The biggest risk to your Cybersecurity is not an evil genius intent on your demise.  It’s the thousands of emails you and your company receive on a daily basis that include threats that are spammed to the masses in an effort to get you to make a wayward click.  Spamming is a numbers game, so it’s rarely that you’re a specific target.  Rather, you’re among the masses getting those emails and many of them seem entirely legitimate.

Two big tips to counter this threat:

1. Training!  The more examples you see, the more easily you’ll recognize a threat.  There are numerous organizations that provide training and many of them work with local business support groups to provide that training for little or no cost.  Sharing examples with your Team on a regular basis can provide an entertaining way to increase awareness.
2. Look at the detailed email address of the sender!  Most times, the sender of a Cybersecurity threat will have a Username that is intentionally familiar to you (the name of a friend or a company you deal with on a regular basis) but a review of the actual email address shows it doesn’t actually match up and is a scam.

2. What’s the Biggest Red Flag in an Email’s Content to Suggest it Might be a Scam?

The number one topic of emails that are questionable is money!  From tax forms and bank accounts to preventing penalties and confirming receipts, you’ll see a wide range of email topics designed to get your attention for immediate action.  Money issues typically seem important and that’s why the topic draws attention.  The more realistic the email sounds and the more urgent, the more likely you are to click on something before you think it through.

One common Supply Chain scam is to contact companies pretending to be from a Supplier and asking to change the remittance information.  Like so many other examples, an event as significant and sensitive as changing the remittance information would likely be communicated in several different ways within a Supply Chain.  Rarely would it be a single email, and it would almost always come with others from the company copied in.  These things seem obvious in hindsight, but it only takes a few moments to click the wrong spot and begin a disappointing situation.

3. What’s the Biggest Mistake You Can Make After You Accidently Click on the Wrong thing?

You click.  And suddenly you have that sinking feeling.

Worse, you click and your computer starts doing something unexpected.  What do you do?!?

The biggest mistake you can make is to Wait!  Don’t wait to shut down your computer.  Don’t wait to get your IT support staff notified.  Don’t wait to let the rest of your Team know, especially if your system starts sending them emails that will further propagate the problem.  If you know there was a direct negative financial result, don’t wait to let your insurance company know what’s going on.

Getting others in the loop on what’s happening is the best defensive move to take after you’ve made a mistake.  Your IT professionals know more about Cybersecurity and are better equipped to handle the problem.  Your Team, once alerted, will be able to make sure it doesn’t get worse.

Yes, it’s embarrassing to click on the wrong thing or open the wrong attachment, but waiting to acknowledge your mistake will cost your professional Team valuable time to start fixing the issue.  Everyone makes mistakes and accept that your embarrassment is just part of the damage from the incident. 

Time is money and the sooner your Team can begin recovering from the problem, the more quickly you can recover.