What to do When Your Supplier Gets Compromised Through a Cybersecurity Breach

What Happens When Your Supplier Gets Compromised Through a Cybersecurity Breach?

In today’s interconnected business environment, cybersecurity should take center stage when protecting your organization. While it’s crucial to focus on securing your own business, have you also considered the potential risks posed by the cybersecurity posture of your suppliers and partners? 

A weak link in their security could have serious consequences for your organization, and one of the most common and risky scenarios we encounter is a lack of robust internal processes and employee training. 

While technology plays a critical role in cybersecurity, it can only go so far. A phishing email requesting your login information, for instance, has a very high success rate when an untrained, or easily misled, employee assumes that it is real. Once those credentials are taken, it often takes days, or longer, before a company realizes it has been compromised. Imagine the damage that can be done during that period.

Imagine this: a supplier you’ve trusted and worked with for years suffers a cybersecurity breach, and they’re unaware of it. 

Suddenly, you start receiving legitimate-looking emails requesting a change in payment details. These emails reference real invoices your company recognizes, making them appear authentic, and may come from a known email address. This kind of event happens and can lead to costly mistakes. Businesses have lost hundreds of thousands of dollars by transferring funds to fraudulent accounts, only to discover later that they were deceived by cybercriminals.

What can you do about it?

In a world full of third-party vendors, software providers, service providers, and more, it is impossible for an organization to operate without some exposure to others’ security practices. Since you cannot change how they operate, you need to double down on how you operate.

Employee training and cyber street-sense are the biggest factors in preventing social engineering. Your people need to be able to identify when something is “off”.

Robust internal controls play a key role in preventing a security breach, identifying one as quickly as possible, and providing a known path to remediation. They enable you to give guidance to your employees with defined processes for high-risk activities like updating payment information.

When in doubt: 

  1. Pause and Verify: Do not act on a request immediately, no matter how legitimate it seems.
  2. Make a Phone Call: Reach out to your contact at the supplier directly using a trusted phone number (not the one provided in the email). Confirm the email’s request.

This simple step of verbal confirmation can prevent a potential financial disaster. If your supplier denies any knowledge of the request, it’s a red flag that they may have been compromised. At this point, their IT team can be alerted to investigate and address the breach.

Building a culture that protects you

Security, by its nature, can be inconvenient, and often the biggest barrier to good practices is the feeling that they add more work or complicate something that was simple.

The reality is that today’s cybercriminals are full-time employees of criminal enterprises. They are well studied in human nature and specifically target those sentiments to improve their chances of success.

This makes administrative, financial, and executive roles the company roles most commonly targeted by successful social engineering. These are people who are accustomed to completing tasks quickly, may be resistant to changes they view as unnecessary or inconvenient, and often have access to critical internal systems.

This is why a culture of good practices must start at the very top of an organization to set the example for everyone else. An employee who double-checks a transaction with their leadership is an asset.

Everyone is all-in

Cybersecurity is a shared responsibility. Protecting your organization means not only securing your own systems but also being vigilant about the risks posed by others in your supply chain. A simple phone call could save your business from significant financial loss and help alert your partners to potential threats, fostering a safer environment for all.

Looking to implement better cybersecurity practices? 

Contact us today!
