Welcome to the
Scottish Business Resilience Centre
Is your supply chain secure?
One of our current focuses is the cyber security of business supply chains.
It has been found that companies have been subject to indirect attacks through weak links in their supply chain. To help businesses assess the levels of cyber security with their supply chain we have produced the following draft letter:
You will have seen increased media attention on the whole area of cyber risk and cyber security within business recently. As you know at the Centre we run a specific cyber resilience workstream and over the coming year will be working very hard with colleagues in Police Scotland and the Scottish Government to ensure that all businesses have access to the steps they need to take to make sure they are better protected. As you may also know we run a simple and straightforward cyber awareness accreditation called e-Trader designed to help smaller businesses consider all of their processes from a people and process perspective. If you want to know more about this, then please contact us, we are here to help. There is more news on this to come shortly as we have been developing a full cyber assessment, learning and accreditation product with Willis the international insurance broker.
In the immediate sense however one of the areas we will be focussing on in the next month is the supply chain – encouraging businesses to make sure that you know who your suppliers are and what questions to ask these suppliers regarding their own security. Have you checked for example if your suppliers subcontract any of their work? Are you confident that their own security is as good as your own?
All of these areas will come under increasing scrutiny as we move forwards. Sadly, it can be relatively easy for an insecure supplier to be an easy access point for a virus or a piece of malware which could have a potentially disastrous impact on your business. We are keen to help you avoid any of this.
At SBRC we are committed to working with trusted partners and to ensuring that we keep you up to date with services that may be useful to you – and services that we are confident work well. As I say, we will be running features on the supply chain and how to help secure it properly over the next month.
In order to ensure that we all follow best practice on the supply chain we will be writing to seek assurances from our own suppliers and you may also wish to do the same. What does this mean? It means that we will be seeking written confirmation from all of our professional advisers, business partners and sub-contractors that each conforms to a reasonable and recognised standard of cyber security within their own organisations. You might want to do the same if you haven’t already – all of us need to ensure that all of our supply chain is cyber-secure. Unless you know that if services provided to you, are in any way dependant on other suppliers, you can’t really make a judgement on how secure your customer data is. The easiest way to do this is to send them each a letter outlining the same terms as this article. We will provide you also with a template letter to use if this is helpful. We will also be suggesting a trusted partner who can help to assess the security of your supply chain if that helps.
In the interim, I have attached details of the Safer e-Trader award from the Scottish Business Resilience Centre (SBRC). This award forms the basis of our own cyber security. I have also attached details of a complete cyber solution, which includes an online course and toolkit which we have found to be a useful and relatively inexpensive means of addressing cyber security issues. This course is known as Cyber-ATLAS and is available on CloudStore, via the G-Cloud framework which makes it highly accessible to a wide range of organisations of different sizes.
Entrepreneurial Spark put call out for Board Members
Entrepreneurial spark are looking for board members to support their companies and to assist them in introducing nominal boards.
For clarity the email address featured at the end of the video is: firstname.lastname@example.org