Cyberattacks on supply chain companies are particularly devastating to the economic infrastructure. Any supplier of goods, digital or non-digital, counts.

Breaches from IT security vulnerability have hit an estimated 93% of supply chain companies. Each one counts as a “one to many” attack, in which the effect extends far beyond the initial target.

Ransomware shut down Colonial Pipeline, a major gas conduit, for a week. Kaseya, a software company, got infected with ransomware that spread to 1500 of its small business customers before it was caught. Ransomware shut down food production plants in three different countries when JBS, beef and pork supplier, got hit.

Supply chain attacks rose 42% in frequency during the first quarter of 2021. The threat is growing, and the trajectory shows no sign of slowing. 97% of companies were impacted by a supply chain breach, and 93% suffered successful direct attacks.

It’s imperative that business owners analyze supply chain risks and formulate a plan in the interests of business continuity and risk management. Even if one company’s security is tight, we all rely on suppliers to get us the materials and tools we need to do business. What happens when any one of them goes down?

First, check the risk. Make a list of all suppliers and vendors for both goods and services. Everything from paperclips to the phone systems to the raw materials needed to run the business needs to be on that list.

Review each one to see how they’re handling their cybersecurity. It may help to get an IT person in to help with this review. Are they doing anything? If so, is it sufficient? How bad would it be for the company if that supplier went down?

Create a set of minimum cybersecurity standards. If a supplier or vendor doesn’t meet or exceed them, don’t do business with them. The risks are too high, and that vendor is saying they aren’t professional enough to do business with through their actions.

Get the business itself audited for cybersecurity. Security audits ought to be scheduled at least once per year. Each company should know where it’s vulnerable, how to address that, and how to make their systems strong enough to prevent a breach or attack.

Get backup vendors wherever possible. If doing business requires a particular part that only one vendor makes, then the risk of downtime if that vendor goes down skyrockets. It’s safer and more flexible to have at least two vendors who can supply the company.

All data kept in cloud services or storage should be backed up by a 3rd party tool. Microsoft itself encourages businesses that use its MS365 service suite to get a third party app or platform to back up data. A business without its data is a business that’s not working.

At NoContractVoIP, we provide full, custom business telecom services. Our security and customer service both are top notch. Our hosted PBX services use six different servers that are geographically scattered for maximum resilience, and our cybersecurity is continually upgraded. In addition, we can provide softphones that work on smartphones, tablets, or computers so if the main office goes down, other devices can pick up the load.