June 21, 2023
Phishing, scams, and supply chains
Risk comes in many forms. And one of the key duties of a director is to ensure that all potential risks are not only identified but mitigated against. Whatever the risk, no matter how well set out the precautions, it can sometimes be the unexpected, that single moment of carelessness, which lets you down and opens up the organisation to scams.
One of those totally innocent actions which could prove so costly is the click of a link in an e-mail. Phishing expeditions are far more sophisticated nowadays than in times gone by. It’s rare nowadays to see a badly misspelt e-mail with headers or footers which don’t match the purported sender. So how do your people spot a potential scam e-mail? Apart from training people in good e-mail management, one option may be to develop a risk-awareness policy which includes the reporting of potentially suspicious e-mails to the National Cyber Security Centre’s Suspicious Email Reporting Service (SERS).
Since the service launched in 2020, more than twenty-one million reports have been made, resulting in the removal of more than 235,000 malicious websites. Commenting on the service, City of London Police Commander Nik Adams said, “Phishing scams, whether it’s a text message claiming you have missed a delivery and are required to pay a redelivery fee, or an email claiming to be from your bank, are common security challenges that both individuals and businesses across the UK face on a daily basis.”
The National Cyber Security Centre (NCSC) website is a good place to start when considering what steps can be taken to avoid phishing scams. The site also carries information on other potential areas of risk. Take for example the potential risks inherent in the supply chain. As the site comments: “Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it.”
Supply chain mapping can help organisations not only to identify those risks but also to provide potential mitigations. Identifying not only your immediate suppliers but also the interactions throughout the chain can lead to better compliance with legal or regulatory responsibilities.
The NCSC website suggests that information collected should not only consist of a list of suppliers and their sub-contractors but also a map of how information, products and services flow across the chain. Identifying the relative importance of each product or service supplied can also help to build a good risk management model. However, organisations shouldn’t be too complacent, as key information supplied to even a minor cog in the supply wheel could ultimately prove to be damaging to the business if there is a danger of that information being acquired by scammers. So if a potential risk is identified, companies may wish to seek assurances on those companies’ own internal risk mitigation strategies.