Fortifying Security in your Supply Chain: 6 Best Practices for Direct Sellers in 2021
Among the various challenges inherent to the direct selling industry in 2021, cyber security is among the most pressing and a top concern of PayQuicker enterprise clients. The work of IT departments and security teams means little if a trusted third party is lax with their security, or worse case, gets compromised themselves.
The supply chain for any direct selling organization (DSO) is a multi-faceted and multi-party ecosystem. It involves vendors, suppliers, partners and more — each of which has some degree of access to your IT infrastructure. These connections support growth and provide efficiencies. However, they also increase your company's risk profile, providing cybercriminals a path into your company systems.
For example, one of the most devastating hacks in history occurred in 2020 when the cyber security company SolarWinds was breached. In the fallout, over 18,000 organizations, affecting more than 450,000 individuals and including at least ten federal agencies, were also breached [1]. The affected organizations and agencies each had top-tier investments in security. Nonetheless, this vendor put them at risk.
As the Information Security Institute states, “[the] cyber security of any one organization within the chain is potentially only as strong as that of the weakest member of the supply chain.”
PayQuicker takes security seriously. It is a top reason our clients choose us for their global payout needs.
6 Best Practices for Supply Chain Security
A supply chain is a “system of activities involved in handling, distributing, manufacturing and processing goods in order to move resources from a vendor into the hands of the final consumer.” [2] Attacks that use these systems will continue to accelerate as these systems get bigger and faster.
To promote the safety of the direct selling industry, PayQuicker suggests the following best practices as a plan of action in 2021:
1. Inventory Data Access
You cannot protect what you do not track. Before any other priority in securing the supply chain, you need a clear idea of who has access to what data. Audit these connections for appropriate scope and depth of data being shared. According to a 2018 study, 77% of companies have limited or no visibility into vendors.
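The audit described above can be made concrete as a small script. The following is an added example, not PayQuicker's own tooling; the inventory records, field names, and the 90-day and 365-day thresholds are assumptions constructed for illustration. It builds the "who has access to what data" view and flags vendor connections that are over-scoped for their stated purpose, unused for too long, or overdue for review.

```python
from datetime import date, timedelta

# Constructed sample inventory of third-party connections. Each record states
# what the vendor needs for its purpose versus what it was actually granted.
# Field names are assumptions for this example, not any product's schema.
VENDOR_ACCESS = [
    {"vendor": "ShipFast Logistics", "purpose": "fulfilment",
     "needed": {"order_id", "shipping_address"},
     "granted": {"order_id", "shipping_address"},
     "last_used": date(2021, 3, 1), "last_reviewed": date(2020, 9, 1)},
    {"vendor": "PromoMail", "purpose": "marketing email",
     "needed": {"email"},
     "granted": {"email", "bank_account", "tax_id"},  # more than it needs
     "last_used": date(2021, 2, 20), "last_reviewed": date(2021, 1, 15)},
    {"vendor": "OldAnalytics Co", "purpose": "reporting",
     "needed": {"order_totals"},
     "granted": {"order_totals"},
     "last_used": date(2020, 6, 1),        # connection nobody uses any more
     "last_reviewed": date(2019, 12, 1)},  # and nobody has re-reviewed
]

# Assumed policy thresholds for this example.
STALE_AFTER = timedelta(days=90)
REVIEW_EVERY = timedelta(days=365)


def data_access_map(inventory):
    """Invert the inventory: for each data category, which vendors hold it."""
    holders = {}
    for entry in inventory:
        for category in entry["granted"]:
            holders.setdefault(category, []).append(entry["vendor"])
    return {cat: sorted(vendors) for cat, vendors in holders.items()}


def audit_vendor_access(inventory, today):
    """Return (vendor, finding, detail) tuples for every policy violation.

    over-scoped:     granted data categories beyond the stated need
    stale:           connection unused for longer than STALE_AFTER
    review-overdue:  scope not re-reviewed within REVIEW_EVERY
    """
    findings = []
    for entry in inventory:
        excess = entry["granted"] - entry["needed"]
        if excess:
            findings.append((entry["vendor"], "over-scoped", sorted(excess)))
        unused_for = today - entry["last_used"]
        if unused_for > STALE_AFTER:
            findings.append((entry["vendor"], "stale", unused_for.days))
        since_review = today - entry["last_reviewed"]
        if since_review > REVIEW_EVERY:
            findings.append((entry["vendor"], "review-overdue", since_review.days))
    return findings


if __name__ == "__main__":
    for category, vendors in sorted(data_access_map(VENDOR_ACCESS).items()):
        print(f"{category:18} -> {', '.join(vendors)}")
    for vendor, finding, detail in audit_vendor_access(VENDOR_ACCESS, date(2021, 3, 15)):
        print(f"[{finding}] {vendor}: {detail}")
```

The inverted map answers the question the section poses (who can see a given field such as `bank_account`), while the audit turns the three checks into a repeatable report that can be re-run whenever the inventory changes.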
2. Ask the Hard Questions
Do not assume your standards will be upheld by other companies. PayQuicker recommends each company develop a way to communicate internally about what information or access will be shared, how it will be monitored, and what security standards shall be enforced.
Talk to your partners about what they are doing to protect you. If they cannot answer your questions, you might want to take your business elsewhere. Take seriously the costs of downtime and getting breached — PayQuicker does.
3. Implement Continuous Monitoring
At PayQuicker, cybersecurity is never “done” per se. The threat landscape constantly evolves, so it is important to establish a process for continuously monitoring data management and network security. While this is largely an internal process, it is good practice to encourage your partners to have a monitoring plan of their own and to communicate it to you as well.
4. Audit Third-party Products
Verify the security controls of any product being used by partners in your supply chain. As SolarWinds experienced firsthand, it was compromised by its own supply chain and, in turn, compromised all its partners.
In another example, Lenovo sold computers with a preinstalled man-in-the-middle attack in 2015. Even the best security controls were not very effective, as the vulnerability was already present upon arrival.
These examples support the Information Security Institute's argument that organizations must “be clear about the environment in which their supply chain works, all the products in use, and what connectivity exists with the outside world.” PayQuicker is regularly audited by our partners to maintain our high level of security standards.
5. Change Default Passwords
The industry of cybercrime is like any other. Often, its members will follow the path of least resistance and hope for an easy way to score. Always change the default passwords for each device on your network, including IoT. Any default password is known, and therefore an easy path for an attacker.
Still today, in 2021, some devices have default accounts that cannot be removed or changed. Avoid such devices. PayQuicker checks for this before purchase and removes a device immediately if such an account is discovered.
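Both points in this section (change every default password; reject devices whose default account cannot be removed) can be enforced as a gate in the provisioning process. The following is an added example, not PayQuicker's own tooling: the vendor model names, their documented default accounts and the common-default list are constructed assumptions for illustration, as is the `provisioning_issues` function. It compares the credentials an administrator is about to set against the vendor's documented defaults and flags any account the vendor does not allow you to remove.

```python
# Vendor documentation summarised as data: for each device model, the accounts
# that ship enabled, their factory password, and whether the account can be
# deleted or renamed. Constructed for this example.
VENDOR_DEFAULTS = {
    "AcmeCam 200": {
        "admin": {"default_password": "admin", "removable": True},
    },
    "HeatMaster X": {
        "service": {"default_password": "service", "removable": False},
    },
}

# Widely used factory credential pairs; a short constructed list standing in
# for the vendor-maintained lists a real deployment would consult.
COMMON_DEFAULTS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("user", "12345"),
}


def provisioning_issues(model, account_passwords):
    """Check a device about to be put on the network.

    account_passwords maps account name -> password the administrator intends
    to set. Returns a list of (issue, account_or_model) tuples; an empty list
    means the device passes.

    non-removable-default-account: vendor does not let you delete the account
                                   (the page's advice: avoid the device)
    default-account-untouched:     a shipped account was not reconfigured
    default-password-kept:         new password equals a known default
    """
    issues = []
    spec = VENDOR_DEFAULTS.get(model)
    if spec is None:
        # No documentation on record: cannot know which accounts shipped.
        return [("unknown-model", model)]
    for account, info in spec.items():
        if not info["removable"]:
            issues.append(("non-removable-default-account", account))
        password = account_passwords.get(account)
        if password is None:
            issues.append(("default-account-untouched", account))
        elif password == info["default_password"] or (account, password) in COMMON_DEFAULTS:
            issues.append(("default-password-kept", account))
    return issues


if __name__ == "__main__":
    planned = {
        "AcmeCam 200": {"admin": "admin"},          # default left in place
        "HeatMaster X": {"service": "Lp#9kWz-2021"},  # changed, but account stays
    }
    for model, creds in planned.items():
        result = provisioning_issues(model, creds)
        print(model, "->", result or "OK")
```

The gate runs before a device is connected, so the check is purely against data you already hold (the planned configuration and vendor documentation) and never touches the device itself. The `non-removable-default-account` finding is the one to route to procurement rather than to the administrator, since no password change resolves it.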
6. Team Based Training
Educating users, employees, and partners about password management and other risky behaviors can prevent cyber security issues before they happen. IBM found that “95% of all security incidents involve human error, from following links to phishing scams, to visiting bad websites, enabling viruses, and falling victim to other advanced persistent threats.”
Include partners in tabletop exercises and discuss potential attacks and response scenarios. Outline best practices that can help your employees, company, and customers protect their own sensitive data.
Protecting the Supply Chain from Cyber Crime
Of the many paths for attack, the supply chain contains many attractive entry points. Vigilance, best practices, and effective communication make all the difference as each company tries to navigate the ever-shifting, increasingly connected landscape.
PayQuicker goes to great lengths to enable everyone, partner or not, to create a safer, faster, better future for the direct selling industry.
PayQuicker is a leading provider of financial payout technology and innovation for direct sales organizations. Our cloud-based, regulatory-compliant, secure software stack offers custom-branded payout solutions that power our clients to seamlessly deliver secure, instant payouts to millions of independent contractors, distributors, influencers, and affiliates around the globe. The instant payout of commissions, bonuses, incentives, and rewards is critically important for our clients to build brand loyalty and accelerate their business growth worldwide through secure affiliate portals, wallet solutions, or API gateway integrations with their proprietary user interface.