Best Practices for Keeping Your Warehouse Cyber Secure

Eric Allais details how distributors can improve their cyber defenses and maintain a strong security posture.

I Stock 1274428108
iStock

Technology is revolutionizing warehouse management and operations. Despite the many advantages of adopting new warehouse technologies, there are inherent cybersecurity risks that distributors need to be aware of and continually protect against. When you stop to consider things like networks, applications, endpoints to data, intellectual property, and a company’s reputation, it’s evident that warehouses are vulnerable to the same variety of cyber threats and malicious activity as businesses in other industries.

There are always potential cybersecurity elements to consider when it comes to adopting, installing, operating and maintaining new technologies. By heeding security best practices – such as keeping warehouse technology up to date; mitigating third-party risks; instituting proper access controls; protecting devices and data points; backing up warehouse management system (WMS) servers and other inventory systems; and employee training and awareness – distributors can improve their cyber defenses and maintain a strong overall security posture. Let’s take a look at each one in more detail.

Keep warehouse technology up to date

Ensuring technology is always up to date is a critical part of protecting the digital environment and preventing unauthorized access to your networks. If a software vulnerability is left unpatched, a viral attack can easily compromise your whole system, leading to an avalanche of unforeseen shipment delays and logistical issues (which nobody wants to deal with). In order to mitigate these risks, you must consistently monitor and install the latest software versions, firmware updates and security patches to warehouse technologies as soon as they become available. 

Data privacy and mitigating third-party risk

Any time you partner with a third party, you run the risk of data breaches due to improper controls within that organization’s operating environment. No matter the company you work with (or plan to work with), it’s always important to thoroughly research their security reputation and background because you’re essentially making your warehousing operations fully dependent on their technology. It’s a worthwhile precaution to carefully review all contracts and licensing agreements to make sure that you aren’t inadvertently sharing personal data. 

Furthermore, you should do your homework to make sure the company or service you work with is resilient to direct and indirect cyber attacks. What will happen to the technology hardware and software you’ve integrated into your operations if that third party becomes compromised by a security breach? At the very least, service could be temporarily disrupted, but you could potentially open your own systems to attack as a result (take, for example, the recent SolarWinds hack).

Protect devices and applications with proper access controls

Verizon’s 2020 Data Breach Investigations Report shows financially motivated criminals utilizing attacks against web applications have their sights set on the warehousing industry. The report finds that as many as 98% of breaches in the industry are financially motivated, with roughly two-thirds of breaches accessing personal data and another one-third gaining access to credentials. The bulk of WMS users – employees out on the warehouse floor – interact on RF terminals or other handheld computers that are purposed solely for their WMS. Fortunately, this means fewer people on a personal computer or other connected device with access or opportunity to browse sensitive network files or folders, open potentially virus infected emails on the network, and so on. 

However, one scenario I’ve encountered numerous times that’s rife with securtity implications: some distributors have users “BYOD” (bring your own device) to the warehouse. Unfortunately, allowing this type of access to an organization’s Wi-Fi, networks and sensitive data increases the likelihood of breaches and external attacks and also creates opportunity for potential insider threat. For example, how do you limit “snooping” where people shouldn’t be? 

If your business must operate in this manner, make sure your WMS includes permissions to keep workers in only those areas of the application (or warehouse) they’ve been authorized. And, if employees must use their personal mobile phones, tablets or laptops to complete work tasks, make sure that those devices are properly secured or monitored to prevent the likelihood of a data breach. Across the board, strong authentication is a cornerstone of good security policy.

The human component of cybersecurity

The human component of cybersecurity in your warehouse is as important to address as the technological and digital elements. In fact, according to the Verizon data breach report, employee errors – such as setting up large databases without proper access controls – are a recurring problem in the warehousing industry, with typical misconfiguration error scenarios being the most common. Combined with web application attacks, Verizon’s data shows human errors and social engineering in the form of phishing, and pretexting attacks – in which a malicious actor invents a convincing scenario (the pretext) to engage the targeted individual or business and fool them into disclosing sensitive information – are responsible for the majority of breaches in this industry.

Sure, people make mistakes. It’s a byproduct of being human. Implementing employee cyber awareness training is just as critical to warehouse security as securing warehouse technology itself. Employees should be educated on the risks of opening suspicious email links or downloading any malicious programs onto the company system. Make sure employees are using strong, unique passwords for each of the accounts or devices (RF scanners, etc.) they use to access company systems. Check to make sure they’re periodically updating those strong passwords to prevent hackers or other unauthorized users from gaining access to company accounts in the event one of your warehouse services is compromised, resulting in a credential leak.

Backup, backup, backup (then backup your backups)

Finally, an important message worth repeating in the dialogue around warehouse data security is the importance of regularly backing up servers and data points. So, I’ll say it again: backup, backup, backup – then, back up your backups. In the event a cyber incident or breach does impact your warehouse operations, you’re going to need them.

AllaisAllaisThe Final Word

Distributors and warehousing businesses have a lot to lose if cybersecurity is neglected. By following these best security practices, you can bolster your defenses and maintain a strong cybersecurity posture in your warehouse. Doing so will not only protect operational systems and technology, but provide peace of mind to you, company stakeholders and customers alike.  

Eric Allais is president and CEO of PathGuide Technologies, Inc., a provider of warehouse management systems for distributors. He has over 30 years of experience in marketing, product management and sector analysis in the automated data collection industry, including warehouse management practices in wholesale distribution.

More