For many companies, the supply chain is an overlooked security risk. After all, the chain is long and not obviously under your control. It consists of many links that range from vendors, your own production processes and the entire logistics path to distributors, retailers and consumers. And there are plenty of places where things can go wrong. This blog takes a closer look at six key areas that corporations need to consider when strengthening the weakest links in supply chain security.
The path from parts to finished product is long, and hostile acts are possible at every step of the way. This might be the sabotage of essential parts or ingredients that results in accidents or other mechanical failure. It could be the introduction of poisons into foodstuffs. Or what about smuggling a deadly device by placing disassembled parts into various shipping containers? Threats are not limited to acts of terrorism or extortion. Every day, narcotics and even human beings are smuggled in shipping containers all over the world.
Business leaders need to assess and mitigate the risk of such attacks. A PR nightmare is one thing, but the C-suite will probably also want to consider the potential long-term damage to the company’s brand, stock price and bottom line – not to mention the human tragedies that hostile acts could bring in their wake.
So how do you protect yourself and your business from such threats? Here are six areas you will want to consider.
1. Vet your vendors
Ensure that all vendors, service and transport providers you work with are reputable, and can document how they safeguard security.
Do they have all the pertinent certifications? For example, are they a member of the Food Defense Program? Do they adhere to supply chain security standards such as C-TPAT in the US, or Authorized Economic Operator (AEO) in Europe? What about the security aspects of ISO 9000 or similar certification programs? And remember: Be sure to include these requirements in all contractual agreements with vendors.
Do your due diligence – and go beyond your business partners’ financial stability and general business reputation to make sure that your supply chain is not unnecessarily exposed.
2. Check your facility’s physical security
It’s essential that your facility have strict access control.
All employees must have visible photo ID – and preferably RF chips – in order to access work-specific areas of the facility. All visitors and vendors must be issued with a visible visitor’s badge, with photo, and the purpose of their visit must be verified before they are granted access. It is advisable to have designated security personnel on site both during work hours and when the facility is closed.
Access deterrents such as fences, gates, effective lighting as well as locked doors and windows are basic essentials of physical security. These should undergo regular inspections by the maintenance team to ensure that all are secure and in good working order.
3. Use appropriate technology
Well-placed CCTV cameras are extremely useful in detecting and preventing hostile acts.
If you can attain complete coverage of your facility, that’s great. If not, then be sure to cover critical areas such as entrance gates, loading areas, parking lots, storage areas and production lines. And remember: cameras that are not monitored are less likely to prevent a hostile act, so be sure to appoint someone who actually looks at them from time to time for effective protection.
Clear signage communicating that an area is covered by CCTV is not only a huge deterrent – it’s also a legal requirement in many places.
Alarm systems of various types are effective, especially in facilities that don’t operate 24/7. While the ringing of a siren may chase the intruders away, it will not provide any chance of apprehending them or learning who they were and why they were there. So be sure that your monitoring and response capabilities are also up to snuff.
4. Screen employees before you hire them
The easiest way for hostiles to penetrate your business is to get you to hire one of their operatives. It could be a cleaner, an office worker or an R & D specialist, but when they’re operating freely within your facility, they can put your business at risk.
It is of paramount importance that HR have systematic, documented processes in place for screening potential employees. This should include criminal background checks if allowed by local law. Always check references and employment history even if it is for a menial job. Interestingly, cleaners often have more access within the facility than most other employees, and they often work at times when the place is mostly empty. This affords them excellent opportunities for activities that go beyond dusting and sweeping. Remember to periodically – and randomly – re-screen existing employees who have access to sensitive information regarding your business and/or security setup.
And by the way: Be sure to keep close track of all ID badges, access chips, electronic or manual keys, etc. – both when they are issued and when they are retrieved. You need careful documentation that no employee leaves the company with any such device still in their possession.
5. Train employees after you hire them
This is perhaps the most important aspect of supply chain security and also the most neglected. It is of paramount importance that everyone working at your facility be aware of the potential threats and know how to recognize them. The well-known saying, “If you see something, say something” is only effective if people know what to look for.
You need to train employees to be aware of suspicious behavior. This could include noting unusual activities like a stranger putting flyers on the cars in the parking lot or new employees acting strangely. Does it mean they are terrorists? Of course not. But it could raise a red flag that should be mentioned to the security manager.
Management must ensure that there are clear, easy and anonymous processes for transferring information to the facility’s security apparatus. Proactive, preventative action is better than regret after the fact.
6. Don’t forget IT
IT security is a whole different ball of wax – and far beyond the scope of this blog.
Suffice it to say that IT managers are responsible for keeping firewalls, anti-virus and anti-spyware software installed and up to date. They need to segregate and isolate sensitive information, and make sure that employees’ usernames and passwords limit their access to task-specific data.
They should also ensure that all system use is logged and monitored, and that attempted system abuse or penetration is monitored and controlled. Employee passwords should be updated every 180 days at a minimum – and be sure to cancel usernames and passwords when employees leave the company.