If your company hasn't recently experienced security issues or isn't facing any obvious risks in the immediate future, supply chain risk mitigation probably isn't high on the corporate to-do list. Putting data security on the back burner in favor of more pressing operational issues may seem like a good idea— until disaster strikes.
Are you prepared to weather an unexpected data-compromising storm?
1.) Who should be involved in implementing a new supply chain management IT solution?
A.) Your current IT department.
B.) Your supply chain partners.
C.) Your executive board.
D.) All of the above.
D.) All of the above. According to a recent survey by data security firm Protiviti, properly gauging the risk profile and implementation of an IT management solution is a team effort. Your IT employees assist with the initial setup or adjustment; your supply chain partners provide necessary info and updates; and your board stays in tune with progress and approves the level of risk your solution entails.
2.) When should you destroy your data?
A.) Never— you may need it, after all.
B.) Seven years.
C.) Over an agreed-upon and legally feasible schedule.
D.) Three years.
C.) Over an agreed-upon and legally feasible schedule. The benefits of a set data destruction schedule include reduced IT costs, less liability for cyber or security breaches and a decreased need for space or employee management for physical files. Your destruction dates can vary from file type to file type, but they should be carefully set together with company management. According to the Privacy Technical Assistance Center, they should also be created and followed with state, local, federal and internal legal demands, such as statutes of limitation, in mind.
3.) What data should you collect?
A.) Nothing— partner and customer privacy is important.
B.) What you can properly notify, use, manage and dispose of.
C.) Everything possible, in order to fine-tune marketing practices.
D.) Only what is voluntarily offered.
B.) What you can properly notify, use, manage and dispose of. Data collection isn't something that should be formulated or tweaked "on the fly." Carefully consider what information you'd like— demographics, amount per transaction, etc.— before implementation. Also, in a supply chain risk mitigation scenario, ensure that it is legally viable to collect, store and eventually purge that information both in the company's location and in the customer's or a partner's.
4.) Are information security practices necessary?
A.) Only if a company is operating in a high-risk field.
B.) Only when data assets are internal to the company.
C.) Only when data assets are external to the company.
D.) All companies should have them.
D.) All companies should have them. Regardless of how much, or how little, a security breach could affect your day-to-day operations, efforts to prevent, shut down or stop one should be clear company-wide. If it's tempting to leave an IT-challenged department or manager out of the loop, instruct your IT staff to educate them instead.
5.) What are the core information security practices?
A.) Periodic audits of databases, malware scans, login IDs for all employees.
B.) Remote access terminals, ethernet connections and written IS policies (WISP).
C.) Record retention, destruction dates, data encryption and written IS policies (WISP).
D.) Malware scans, record retention and remote access terminals.
C.) Record retention, destruction dates, data encryption and written IS policies (WISP). A company should always have a plan in place for managing and purging its data and for safely transmitting or collecting it, along with a clear-cut IS policy to guide employees and serve as a reference if trouble strikes.
The Bottom Line
When your company operates as a cohesive unit with the same IT security goals in mind, crafting, implementing and keeping up core IT security practices becomes a natural part of operations. From reassuring new customers that their data is safe to championing supply chain risk mitigation, these efforts go a long way toward scaring off would-be digital breach threats and toward quickly regaining operational equilibrium if they should strike.