Inside Supply Management Magazine

The Data Breach Risk in Your Pocket

May 01, 2014

The recent Heartbleed security threat is forcing companies to revise data security policies to prevent serious cyberattacks before they occur. While Heartbleed has mostly been handled by now, technology experts are concerned about what the next major cybersecurity threat will be. Mobile devices and smartphones, now ubiquitous with the traveling employee, need special attention to reduce the risk of a data breach just as much as an organization’s main network systems.

Most supply chain practitioners traveling to visit suppliers use smartphones for two purposes — work-related data organization and sharing, and personal/life management and communication. Increased usage coupled with downloaded apps that may be vulnerable to open-source software threats like Heartbleed compound potential risks.

PricewaterhouseCoopers Cybersecurity Adviser Charlie McMurdie says threats increase all the time.

“Unfortunately, our awareness of, and response to, the security implications of using mobiles has not kept pace with the threats,” he says in an April 29, 2014, Financial Times article. “Cyber criminals now have plenty of opportunities to exploit.”

The challenges of keeping data secure during domestic travel are tough enough, but overseas travel presents even more of a risk. In fact, it’s one of the top concerns for companies active in global business, according to the 2014 Chubb Multinational Risk Survey. The number-one threat to the survey respondents’ businesses is supply chain failure (19 percent) and data breaches/cyber events are second at 15 percent.

“With many employees traveling outside the U.S. and Canada, more mobile devices, often with proprietary company information, are at risk of being lost or stolen,” says Kathleen Ellis, senior vice president and worldwide manager of Chubb Multinational Solutions in an April 29, 2014, company press release.

According to the Chubb survey, 82 percent of companies require at least one security feature on mobile devices used for work, including password protection, encryption and the ability to remotely wipe the device clean.

Survey respondents also were asked whether their companies have established global social media policies.

Sixty-three percent of the firms have social media policies that extend to overseas employees, and 23 percent of these firms tailor such policies for different locations. However, large companies (77 percent) are significantly more likely to have an overseas social media policy than smaller companies (55 percent).

“It’s not surprising that larger companies appear to be better prepared to manage the risks that come with an increase in overseas activities,” observes Ellis. “But smaller companies, which may be more financially vulnerable to such risks as data breaches or supply chain failures, can turn to agents, brokers and insurers that have underwriting, loss control and claims resources on the ground overseas to help them manage the risks of their international expansions.”

So, what can you do to protect your supply chain practitioners right now? Here are some tips from North Dakota State University:

If possible, use temporary and/or prepaid “throwaway” mobile phones purchased specifically for travel, rather than bringing work or personal devices.

Disable network functions such as WiFi and Bluetooth and disable all file sharing. Assume anything you do over the Internet can be intercepted.

Do not attempt to circumvent national restrictions on certain sites (such as social media) in other countries. This could result in warnings, confiscation of your devices, and even criminal charges.

This FBI brochure contains helpful information and suggestions for business travel abroad.

No matter what size your company is, educating employees regarding the serious risks, following stringent security policies and staying up-to-date with privacy and security updates on all devices can help minimize problems.