Although Cybersecurity Awareness Month is observed in October, procedures and practices to protect data online must occur every day, of every year to keep individuals and organisations safe online.

So to celebrate Cybersecurity Awareness Month, we caught up with Mark Taylor, our Chief Technology Officer to find out how we protect internal and external data and environments from growing online threats.

“With a supply chain transparency platform used by over 40,000 companies spanning 150 countries, data security is at the heart of what we do. When we consider security, we think ‘security in depth’. This is the acceptance of the fact that no single security measure can hope to defeat all possible attacks.”

Protecting our internal infrastructure with the 3 P’s (Procedures, Practices & People)

“Our focus on security starts with our procedures and practices. We operate an ISO 27001 compliant Information Security Management System. We insist that our infrastructure suppliers are ISO 27001 and ISO 9001 certified.

“We review our policies and processes at least annually with a focus on security and potential developing threats. And our Security Steering Group meets monthly to review risks and our response to those risks.”

“Successful security always includes people. Although important – but often overlooked – we regularly keep our staff up to date with potential threats.”

“Our email servers automatically scan inbound emails – a very common source of malware – for known threats and neutralises these threats before they reach our employees.”

“All computers in our environment are protected with advanced endpoint protection – which goes beyond simple anti-virus technology. This protection is managed in a central location to ensure it is always up to date and that any threats / trends are reported and monitored. Our staff do not have administrative access to their computers, this means that they cannot install software – deliberately or inadvertently. All employee’s computers are also encrypted and data backed up into secure cloud storage.”

Protecting our platform & external company data from online threats

“External data in the Authenticate platform is protected by multiple layers of security, including firewalls and Intrusion Detection Systems. Access to servers is only possible through secure VPN connections, protected by multi-factor authentication, using separate, privileged administration accounts. Data is always encrypted – at rest and in transit.”

“Security is a core feature of our platform and is considered at every stage of the development process. We take nothing for granted. We have annual penetration tests / vulnerability scans performed by third party security specialists, with quarterly re-tests. Our internal development process includes a vulnerability scan before every single release, helping to ensure we always maintain the highest level of security. Our disaster recovery plans are kept up to date and are fully tested annually.”

With supply chain cyber security breaches up by more than a third and 93% businesses affected by a direct security breach according to new research, the Authenticate platform could help you to visualise your supply chains, collect data and assess risk. Using scalable, secure solutions including digital audits and document, your business can request and store cybersecurity policies and benchmark supplier performance against custom criteria.

To request a copy of our IT policy or discuss how your business could use the Authenticate platform to understand supply chain cybersecurity risk, get in touch.

For more information on the Authenticate platform or to discuss your challenges and requirements, get in touch with the team.