How secure are your communications with your Supply Chain?
The pandemic and, for that matter, Brexit have recently brought into sharp focus the role of the supply chain and just how crucial it is to the running of many traditional businesses, including UK plc. Thanks largely to Brexit planning, certainly most manufacturing businesses were holding reasonably high levels of stock and so were better able to cope with the issues raised by the restrictions of lockdown. However, one area that gets discussed less often is the security of communications with the supply chain.
Supply chain due diligence
Risks within the supply chain are many, and not least is the reputational damage to your own brand should something go wrong with one of your suppliers. Best practice due diligence is a standard part of risk mitigation for dealing with suppliers. For example, most organisations have policies concerning the environment, modern slavery, bribery and corruption and corporate social responsibility, which suppliers are expected to comply with as part of commercial agreements. However, despite all of these policies designed to protect the company, most organisations do not have procedures in place for communicating with partners and suppliers around sensitive or confidential issues, for example, product, pricing details, orders and contracts, formulae/recipes, logistics and warehousing arrangements. Any of these details could provide valuable information to your competitors, so communications should be secured.
This is particularly important because the very act of communicating with your supply chain has the potential to open up your organisation to much greater security risks. As the NCSC points out in its Secure Communications Principles document, published earlier this year (https://www.ncsc.gov.uk/guidance/secure-communication-principles-alpha-release), “Many organisations will wish to communicate securely with contacts outside of their own organisation. If a communications service does not allow this, then their members may revert to using an insecure service that does not meet these principles.” People will always find a workaround to (a) get the job done and (b) make their own lives easier. For these reasons, it is imperative that a secure comms solution can be extended for use by trusted contacts outside of the organisation.
Consumer apps are not the answer
In the current climate, consumer apps like WhatsApp and Zoom have been adopted by many as the means of communication. However, both have their drawbacks. As well as the question over what happens to metadata when you are using an app owned and controlled by a global social media company, in the case of WhatsApp there is also its inability to provide GDPR compliance. The security flaws in services such as Zoom (and MS Teams for that matter) have already been well documented (https://www.bbc.co.uk/news/technology-52133349), with the new phenomenon of Zoombombing, where miscreants join calls uninvited to listen in or hurl abuse. Consumer-grade apps, whether on the desktop or mobile devices, give no control of users on the system and no constraints on where confidential messages and attachments can be forwarded to.
There are many questions about consumer apps' overall handling of personal data and metadata, and other security concerns, meaning these apps are simply not suitable for corporate communications. See our previous blog, which explains why in more detail: https://www.armourcomms.com/2020/02/06/using-consumer-apps-for-business-use-is-illegal/?cat-slug=10. Despite this, many people admit to using them for business use: https://gdpr.report/news/2020/02/14/privacy-almost-half-of-whatsapp-usage-breaches-legal-terms/
A reliance on these apps could potentially leave businesses with significant vulnerabilities in their communications. So how can you communicate with trusted third parties within your supply chain securely?
Secure comms apps support white-listing and groups
Both Armour Mobile and SigNet by Armour provide the facility, subject to certain controls, for different groups or communities to communicate.
Setting up distinct groups and communities within Armour Mobile and SigNet is particularly easy using our Desktop admin module. It ensures that those that need to communicate with supply chain contacts and external third parties are able to do so easily and securely.
Our client QuoStar, an IT support and consultancy provider that specialises in businesses going through growth and change, has used Armour technology to:
- Provide secure conferencing for numerous participants
- Secure intra-company and company to company communications
- Ensure calls and associated metadata are kept private
- Protect data sent in messages, text or as attachments
At Sparten, a consultancy that provides discreet, intelligence-led, unconflicted advice to high net worth families, corporates and their advisors, they use a range of enhanced security features from Armour that have proven particularly valuable when communicating with third parties:
- Secure Conference Calls for voice and video – the microphone is isolated so no other app can eavesdrop
- White Listing and Groups ensure the sharing of contact details is controlled
- MessageBurn or Audit Trail – some operatives prefer to burn messages once read, while others, from a legal perspective, prefer to keep a record for audit purposes.
For more information about how Armour solutions could help you to communicate more securely with your supply chain, read our case studies:
Sparten deploys Armour Mobile to strengthen intelligence led approach
QuoStar safeguards communications and prevents hostile interception of sensitive IP with Armour Mobile