On the 10th Day of Christmas my supply chain gave to me…


… 10 loads of data

(The 12 Days of Christmas officially end on Jan 5 every year)


You’re swimming in data from your supply chain.

But can you trust it to not be a trojan horse sneaking in bad actors without your or the sender’s knowledge?

These 10 data points should help you immensely in protecting your supply chain and strategic data:

  • Know where data enters and leaves your supply chain, and protect it. Cyber thieves are very clever and can access your supply chain data in amazing ways. By mapping your supply chains and data signals, you’ll know where your vulnerable access points are and can then protect and monitor them.
  • Have a reason to collect data. Just because you can collect more data doesn’t mean you should. Focus on data that is a) required for regulatory disclosure, audit, or proof, b) supply chain performance related, and c) early warning signals for risk.
  • Understand how your data may be accessed for use by others. For example, if an open AI program such as ChatGPT is allowed to summarize your email (as some people have publicly admitted), you’ve made your corporate email public. A gold mine for your competitors and bad actors, not so much for you. Help people in your organization understand how to use advanced technologies wisely. Put digital guardrails in place so that your company isn’t digitally burglarized by well-meaning employees – including those in leadership positions.
  • Have IT secure any personal devices used to handle business data. Even when your computer is disconnected from the internet, some companies continue to access it (for example: the opening image when you turn on your computer changes even when no internet connection is made). Just think of what data can be accessed even when you are careful.
  • Be wary of email that requires urgent clicking on a link. This is tough because hackers are so good these days. If in doubt, don’t open. You can always call your known connection at the “entity” sending you the urgent message to verify an emergency. If you do accidentally get trapped, call IT immediately. Remove your computer from the internet if possible as you wait for IT to investigate.
  • Don’t let bad actors stop you from gathering performance data. Knowing where orders and your inventory are at all times, along with constant and consistent improvement, keeps your customers. You’ll need to protect your digital trails.
  • Share good data hygiene tips with your partner base. Small suppliers especially, while critical, may not have access to or understanding of the level of data hygiene your extended supply chain requires. Can you provide assistance?
  • Do your supply chain partners know where their data is coming from? Transparency and risk disclosures extend to the entire supply chain. Mapping the supply chains in your network using a framework helps expose the weak points located outside your control. This allows for various options to be put in play: helping with data expertise to strengthen the weak points of potential access, putting additional filters/security around specific data from specific sources, and so on.
  • Know critical areas that will be exposed due to supply chain partner improvements. This one is tough. Why would partners share the details of their specific improvement initiatives with you? It exposes their growth strategy. It’s critical that you build trust in your supplier base so that data that may expose the supply chain to risk can be shared on sensitive initiatives. You’ll still need protections in place, but perhaps you can begin using your critical relationships, when it makes sense, to become part of the testing of outside initiatives so that data is transferred safely and securely from the start.
  • Use zero trust. Zero trust means continuously verifying access for all resources; creating barriers to “limit the blast radius,” meaning that if an intruder does get in, they can’t access everything (this includes insiders trying to access data they are not privileged to see); and implementing systems that can provide the right analysis to respond accurately and automatically to a problem. All of this is set up by IT but helped significantly by actively using the above 9 points.

 Thank you for reading my blogs.


Cynthia Kalina-Kaminsky is an ASCM Master SCOR instructor and consultant, and a supply chain professional. With you and your company, she uses SCOR, which includes elements of cyber security, cyber risk, and assessments as a governance foundation for supply chain innovation, transformation, digital capability building, and sustainable/resilient supply chain performance you and your business can depend on.