Cyber attacks are on the rise, and government contractors are looking at new ways to protect their valuable assets, data and information. Executive Mosaic spoke with DTS CEO and President Ed Tuorinsky in a new video interview to find out how companies should be thinking about supply chain security in the digital age.
Table of Contents
Understand Your Information Flow
According to Tuorinsky, the first step in ensuring supply chain security is understanding the flow of information within your organization. That can help companies understand which partners can put them at risk and which ones can’t.
Companies have information flowing in and out at all times. At the lowest risk level is general business communications, which may look like emails back and forth between companies and partners or between the sales team and potential customers.
One step up from that is proprietary information that a company may want to limit to internal use but still may share externally with the right partners.
Some of the more sensitive information a company has includes personal information — like social security numbers. In the government contracting space, especially when working with the Department of Defense, companies may also have controlled unclassified information, or CUI.
“Really understanding the information flow and what partners are receiving what — that’s really the start of your supply chain security,” Tuorinsky said. “Understanding who’s receiving what, what is that information and should it be protected.”
Determine Which Partners Should Be Vetted
Companies can have a wide range of vendors and partners, from office supplies providers to subcontractors. Not all partners require the same kinds of supply chain security and controls, Tuorinsky explained.
“Staples, for example — you’re ordering your supplies, paper, pencils, pens. They have your credit card information, but they’re not in that critical information flow. They’re a vendor, they’re a supplier of yours. Yes, if your information gets stolen, it is a hassle to change that, but it’s not critical,” he said.
However, if a company outsources something like business development, that’s when company proprietary information, financial information and even CUI could come into play.
“That vendor has to be vetted,” Tuorinsky emphasized. “You are sharing critical information with them, and you want to make sure not only your corporate information is protected, but your potential client information is protected.”
Unlock more supply chain security insights by watching Ed Tuorinsky’s video interview.