Data Security Guide v2

OPERATION DATA SECURITY: A PLAYBOOK FOR BUSINESS CONTINUITY

Are You Prepared for the Unexpected?

From the threat of viral pandemics to cyber attacks to severe weather events, your supply chain is under persistent threat. While there’s no way to anticipate every potential point of supply chain disruption, your providers should have plans in place to ensure business continuity. Every company will stumble in the face of a significant event. The ability to respond separates the survivors from the victims.

CYBER CONDITIONING FOR CONTINUITY

Is Your Supply Chain Hardened to Ensure Business Continuity?

What’s your risk? According to research from the Business Continuity Institute, 73 percent of businesses experienced a supply chain disruption in the past year.

Large parcel and truckload/LTL carriers invest millions in disaster recovery. The wide range of smaller carriers and suppliers may not have the capability to deter or minimize the effects of a disruptive event. About 91 percent of U.S. trucking companies operate six trucks or fewer. Many are not able to invest heavily in data security, so when a breach occurs, they may not have the resources to recover quickly from a problem to ensure loads keep moving. A logistics partner provides redundancy for your shipping information.

In the survey, companies identified the top threats in the next five years:

• Cyber attacks and data breaches

• IT outages

• Adverse weather

• New laws or regulations

• Acts of terrorism

The bad guys only have to be right once in a while for a successful attack. Your IT defenses must be on point every time. When your supply chain faces disruption, working with an expert partner can deliver continuity.

As trucks and trailers and parcels become more connected, vulnerabilities will be exposed. Data about each package, from consumers’ personal information to contents and pricing, must be managed and kept secure at each step.

BUILD A PROACTIVE DEFENSE

The goal is to have a business continuity plan that reduces threats and positions an organization to resume usual business operations as soon as possible. That plan is only as strong as its weakest link. When building a defense, one of the biggest challenges is preparing for unknown threats. That’s why it’s vital to have a process in place to respond to new threats and unanticipated events.

For example, anti-virus protection only works against threats that have been identified. For new viruses, you must have a process in place to respond quickly to mitigate attacks.

Defensive MVPs

The majority of breaches can be traced back to user error. So one of the most important aspects of a good defensive data security program is thorough training for associates.

• Use proactive training so associates are capable of identifying potential threats.

• Intrusion testing can help pinpoint vulnerabilities in procedures and technology.

• The internal data security environment should leverage both good business practices and good security practices.

Your business continuity planning must be based on a proactive defense and a reactive offense. A supply chain partner that offers deep technology expertise and a secure, unified transportation management environment can provide both.

PHASES OF SUPPLY CHAIN CYBER SECURITY

1. FORTIFY YOUR DEFENSE

• Recognize this isn’t just an IT problem – it includes sourcing, vendor management, supply chain continuity and quality, transportation security.

• Assume your systems will be breached and develop strategies to mitigate the risk and intrusion.

• Accept the human factor. Breaches often begin with error.

• Connect cybersecurity and physical security as equal strategies.

Also: Add security requirements to RFPs and contracts; establish and enforce protocol for hardware/software procedures; use security handshakes for software and hardware.

2. ATTACK CYBER SECURITY PROACTIVELY

• Monitor and enforce cybersecurity with suppliers’ and developers’ processes.

• Maintain a proactive network security policy.

• Send security teams to approved vendors’ sites.

• Track and trace provenance of all parts, components and systems.

Also: Monitor and block unusual IP traffic; tightly control purchases using approved vendors; support legacy and end of life products and platforms; employ resolution plans.

3. MANAGE PROCESSES AND CONTROLS

• Develop an information security management system (ISMS) based on ISO 27000 accredited practices.

• Examine information security risks, taking account of threats, vulnerabilities and impacts.

• Implement a comprehensive suite of information security controls and risk management practices.

• Adopt an overarching management process that ensures information security controls continue to meet the organization’s information security needs.

Source: National Institute of Standards and Technology, International Standards Organization, Transportation Insight

SPECIAL TEAMS SUPPORT

The most effective service providers are those that become an extension of your company. They assume tasks and responsibilities, so your internal teams can focus on other areas. The goal is to find a partner that will make sure your networks and data are secure, and mission-critical activities will continue.

Tapping the expertise of a logistics partner with a deep technology skill set provides both a business continuity framework and access to the latest technology that delivers a competitive advantage. Look for a supply chain partner that invests in technology and cybersecurity at a level that ensures your business will be a survivor.

FACTORS FOR CHOOSING A SUPPLY CHAIN PARTNER

When you embark on a relationship with a supply chain partner, it is essential that you understand their ability to support your business continuity.

The groundwork for this discussion is often laid in the RFP process, but it should not stop there. An ongoing assessment of threats and responses is the only way to maintain your ability to minimize risk.

* SLAs

* SSAE Audits

* Business Continuity

* Multilayer Defenses

* Emerging Technologies

* Data Insurance

DATA SECURITY SKILLS TEST

SLAs

Service Level Agreements will govern the level of hardware, software and network uptime from your providers. Ask for reports that will show that your prospective partners have a history of supporting the service levels that you need.

SSAE AUDITS

The Statement on Standards for Attestation Engagements (SSAE) Service Organization Control (SOC) audit documents the specific controls implemented by a service organization. A third-party auditor performs the assessment. Transportation Insight conducts a SOC 1 Type 2 Report, which describes the suitability of an organization’s controls to achieve the objectives throughout a specified period, usually a year.

BUSINESS CONTINUITY

Check on the data center’s design to withstand weather events and disruptions, and the redundancy built into the system. Off-site redundancies can ensure service continues without delay. In case of a data loss, understand what your needs are for a recovery point objective (RPO) and recovery time objective (RTO). In other words, how far back should your data recovery extend, and how quickly do you need to be back in operation?

MULTILAYER DEFENSES

Data security requires multiple layers of defenses to safeguard personally identifiable information (PII) data and proprietary business data. Software and hardware measures, along with physical intrusion barriers, are necessary. Those defenses should be subjected to regular intrusion testing, including social engineering attempts. Unfortunately, employees are often the weak link in attacks as they try to be responsive to inquiries. Training for employees should be a vital part of a cybersecurity strategy.

EMERGING TECHNOLOGIES

A plan to handle emerging technologies and potential threats is critical. For example, Single Sign-On capabilities are being widely adopted to streamline employee and partner access. However, that reduces the barriers to system intrusions. New technologies such as blockchain and IoT devices must be accounted for in data security and business continuity planning.

DATA INSURANCE

Finally, look for a partner with the corporate stature to hold appropriate insurance to mitigate the impact of a breach or loss of business.

A MASTER STRATEGY WITH STRENGTH IN TOOLS, EXPERIENCE

Your logistics partner should be a cornerstone of your business continuity strategy. A trusted partner will support you in making sound decisions for data security and disaster recovery. Transportation Insight has deep technology experience and the corporate stature to invest in ongoing data security, technology and expertise. Two products, Insight TMS® and Insight Fusion®, deliver robust supply chain benefits as well as a high level of data security and business continuity preparation.

INSIGHT TMS

As a cloud-based system, Insight TMS provides business continuity to users because it can be accessed from any computer with the appropriate log-in information. In case of a disaster, customers could relocate and have instant access to their supply chain information. Transportation Insight backs it up with service level agreements that provide peace of mind.

INSIGHT FUSION

Insight Fusion is a powerful business intelligence solution that provides real-time visibility and actionable insights for supply chain and logistics programs. It's also a cloud-based offering that delivers actionable intelligence to empower businesses to better manage an adaptive logistics network, leading to improved customer service, optimized inventory levels and reduced cost to serve.

Transportation Insight operates as an extension of the client's organization. The entire relationship is structured around a business continuity mindset to provide uninterrupted service.

If you’re in the market for a supply chain partner, look for one that understands what’s required to keep your business running.

Your list of prospective partners should include those with deep technological expertise, a corporate structure with appropriate insurance and a single-minded focus on business continuity, including cybersecurity. A third-party audit is another factor that highlights an organization’s commitment to keeping your data secure. Your partner should also have an understanding of the regulatory issues where your company operates, whether domestic or international.

For more information about business continuity planning and cybersecurity for your supply chain, visit TransportationInsight.com.

About Transportation Insight, LLC

Transportation Insight is a multi-modal, lead logistics provider that partners with manufacturers, retailers and distributors to achieve significant cost savings, reduce cycle times and improve customer satisfaction rates through customized supply chain solutions. Transportation Insight offers a Co-managed Logistics® form of 3PL, carrier sourcing, freight bill audit and payment services, state-of-the-art transportation management system (TMS) applications, parcel technology platform (audit, engineering, advanced analytics) and business intelligence. The Enterprise Logistics division of the Transportation Insight Holdings, LLC, (TI Holdco) portfolio, Transportation Insight operates alongside transactional freight brokerage Nolan Transportation Group (NTG) to help client shippers engineer efficient supply chain networks. Combined, the $3.2 billion TI Holdco organization serves 7,000 clients with logistics management services that include domestic transportation (TL, LTL, Parcel), e-commerce solutions, supply chain analytics, international transportation, warehouse sourcing, LEAN consulting and supply chain sourcing of indirect materials including secondary packaging. Headquartered in Hickory, NC, Transportation Insight has secondary operating centers and client support offices across North America.

For more about Transportation Insight, visit www.transportationinsight.com, email info@transportationinsight.com or call 877-226-9950.

877.226.9950 www.transportationinsight.com Info@transportationinsight.com 310 Main Avenue Way SE Hickory, North Carolina 28602

SERVICEMERCHANDISE R1 2/25/2020
