Let's get more than physical: Understanding the need for cyber security planning in the warehouse
Physical security has long been a priority among supply chain executives. Technology used for protecting inventory – the life blood of any manufacturing or retail operation – gets considerable company investment and attention from key stakeholders. Likewise, securing physical space to protect expensive distribution center equipment usually receives similar attention.
But what has traditionally been lower on the priority scale, especially for smaller and/or fast-growing retailers, is establishing or extending a solid cyber security infrastructure for warehouse and supply chain operations. The danger here is that a cyber attack, that either creates a largescale data breach involving customer data or disrupts operations through a Denial of Service (DoS) attack, can end up costing an organization much more than theft of on-hand inventory or material handling equipment. And with the explosion of Internet of Things (IoT) enabled sensors, equipment and automated devices, the need for a well-planned cyber security policy for the warehouse is critical.
Regardless of size, a modern warehouse needs to protect both the systems that increasingly drive operations and the data contained within these systems. Here are eight questions to ask yourself as you either start planning your cyber security strategy, or to make sure you and your corporate IT team have considered as part of your approach. And whether you have responsibility for setting cyber security for the distribution center or defer that responsibility to the IT team, these questions should be part of the planning process.
Are your warehouse and logistics systems protected by the latest security firewalls, intrusion protection technology?
While maintaining cyber security for the organization is often more an IT than Operations issue, it’s worth checking to be sure any on premise warehouse management systems or other critical network-enabled software is secure. This also applies to any IoT type devices used in warehouse operations that are connected to the company’s broader network.
How current is the software used within your operations?
If you do use on premise systems within your warehouse operations, make sure to keep those systems up to date. With security threats becoming more sophisticated, older versions of software not built on latest technology are particularly vulnerable. And the risk increases as systems become more integrated throughout the organization.
One way to avoid the need to consistently check for software vulnerability is to implement a cloud-based warehouse management system for your warehouse operations. The best warehouse management software built on the latest security protocols is much less likely to be susceptible to breaches and disruption than a home-grown or on premise system.
Do you have a well-defined AND well-communicated cyber security policy that includes warehouse operations?
The fact that your security policy needs to be comprehensive is a given. But what companies often fail to do is ensure that everyone understands the policy and knows the reasons for process and procedures. Taking shortcuts in training and ensuring distribution center employees understand the elements of your strategy can have disastrous consequences. In fact, according to an IBM security study, 60 percent of all security attacks were insider-generated, often by employees inadvertently taking actions that started an intrusion.
Have you worked through a role-based access strategy to limit access to critical warehouse data?
While it may seem natural to allow as many employees as possible access to the data and systems needed to be productive on the job, Chief Security Officers universally agree that users remain one of the weakest links in any cybersecurity strategy. Take a hard look at who needs access to systems. Then establish firm role-based access policies to limit your exposure and protect operations.
Do you audit your cyber security procedures regularly?
Cyber threats change in type, scope and voracity daily. Making sure that internal procedures keep up with the security threat landscape avoids risk and the potential impact from a new threat. Again, this activity might be led by the IT team, but it’s certainly worth making sure the supply chain operation is included in the formal review.
Do you back up key warehouse performance data regularly?
One solid best practice to engage is to back up performance and order data to minimize the impact of a cyber attack that might encrypt and lock you out of critical files. Ransomware attacks are among the most onerous and prevalent of cyber security attacks and while they are most often discussed in relation to individual user files, the latest ransomware threats can find their way into corporate data and bring down entire networks. Often, your best defense against this type of attack is to have a recent back-up of key information. Once again, if you are using a cloud WMS, the maintenance of its key data is stored by the software provider, eliminating the need for on premise backups.
Do you have a disaster recovery plan in place?
Unfortunately, in today’s environment, experiencing a cyber security “event” is likely a matter of when rather than if. Should that attack cause a disruption in warehouse operations, the need for a well-designed and easily implemented disaster plan to get your operation back to some level of solid inventory management and order fulfillment performance can’t be understated.