June 29th, 2021
In our previous blog, Supply Chain Attacks: What Are They & How Can You Protect Yourself?, we learned that supply chain attacks are more common than you might think and that they usually happen via malware that enters your supply chain via a supplier or other trading partner. From there, things can quickly spiral out of control. There’s only so much you can do once you’ve been victimized, and, before you know it, the malware will have infiltrated multiple parties.
In order to make yourself, your suppliers, and all your other business partners less vulnerable to supply chain attacks, you have a responsibility to take certain precautions and set security standards for everyone you work with.
It’s more than likely that you’re already on top of this. Maybe you have top-of-the-line security software, use unique passwords, ensure backups, and so on. But have you ever thought about your communication protocols? We have. And that’s why we want to explain why sending invoices and other business documents via email makes your supply chain vulnerable to cyber attacks.
What Are Communication Protocols?
Since the main point here is that sending invoices via email makes you (and your customers) vulnerable to supply chain attacks, it makes sense to use SMTP as our example of a communication protocol. SMTP, the protocol behind email, stands for Simple Mail Transfer Protocol, and it is one type of communication protocol, or file transfer method.
The terms “communication protocol” and “file transfer method” are just sophisticated ways of denoting the way in which a file is sent, or how the data is transferred from point A to point B. Other communication protocols include FTP, SFTP, OFTP, HTTPS, and so on.
What Is an Unsecure Network?
As you can probably guess, SMTP is not a secure network. A deeper explanation is this: without extra measures in place, SMTP isn’t a secure exchange method by default because it lacks encryption and authentication. Without going into a lengthy technical explanation, that means that (in general) all messages are relatively exposed and open to hackers. Emails are therefore naturally prone to being hacked, which can lead to a supply chain attack.
Although it is possible to create an SMTP environment that addresses some of the main security risks associated with email communication, it’s unlikely that all trading partners have taken steps to secure their email exchanges. That’s why we advocate for the use of secure networks and develop our solutions to reflect this attitude.
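To make the two missing properties concrete, the following added example (not part of the original post or any TIE Kinetix product) inspects the headers of a received invoice email for evidence of transport encryption and sender authentication. The host names, the `TRUSTED` authserv-id, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

TRUSTED = "mx.buyer.example"  # assumption: authserv-id of your own inbound server

# Constructed sample messages (headers only), not taken from the original post.
GOOD = """\
Received: from mail.supplier.example (mail.supplier.example [192.0.2.10])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by mx.buyer.example with ESMTPS id 4F1A2; Tue, 29 Jun 2021 09:00:00 +0000
Authentication-Results: mx.buyer.example; spf=pass smtp.mailfrom=supplier.example;
 dkim=pass header.d=supplier.example; dmarc=pass header.from=supplier.example
From: billing@supplier.example
"""
SPOOFED = """\
Received: from unknown (unknown [203.0.113.5])
 by mx.buyer.example with ESMTP id 9B7C3; Tue, 29 Jun 2021 09:05:00 +0000
Authentication-Results: mx.buyer.example; spf=fail smtp.mailfrom=supplier.example;
 dkim=none; dmarc=fail header.from=supplier.example
Authentication-Results: mx.supplier.example; dmarc=pass header.from=supplier.example
From: billing@supplier.example
"""

def assess(raw, trusted=TRUSTED):
    """Return (auth results, hops without TLS) for one raw message."""
    msg = message_from_string(raw)
    auth = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        # Trust only results stamped by our own server; a sender can forge the rest.
        if authserv.strip().lower() != trusted:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            auth[method.lower()] = result.lower()
    plain_hops = []
    for hop in msg.get_all("Received", []):
        # Drop parenthesised comments, unfold the header, and cut the trailing date.
        hop = " ".join(re.sub(r"\([^()]*\)", " ", hop).split()).split(";")[0]
        proto = re.search(r"\bwith (\S+)", hop, re.I)
        # RFC 3848: ESMTPS and ESMTPSA mark a hop that negotiated STARTTLS.
        if not proto or proto.group(1).upper() not in ("ESMTPS", "ESMTPSA"):
            plain_hops.append(hop)
    return auth, plain_hops

def accept_invoice(raw):
    """Accept only DMARC-authenticated mail whose recorded hops all used TLS."""
    auth, plain_hops = assess(raw)
    return auth["dmarc"] == "pass" and not plain_hops
```

`Received` lines written before the message reached your own server are self-reported by the sending side, so the TLS check is a signal about the path rather than proof of it.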
What Is a Secure Network?
Unlike SMTP, exchanges over a secure network mean that the same security measures are in place for all parties using the network. The most popular example of a secure network is the Peppol network, an international e-procurement network that requires every participant to undergo a thorough verification process before being able to connect to a highly secure digital infrastructure via a certified Peppol Access Point, like TIE Kinetix.
The ability to send electronic invoices via the Peppol network is often a requirement in Europe for suppliers that want to do business with public authorities, and it is becoming an increasingly common requirement for doing business with private sector organizations as well. But even for those that are not required to send their business documents—invoices or other—via a network such as Peppol, there are still options to send PDF and XML documents securely while avoiding SMTP (email) communication.
A Secure Alternative to SMTP Exchanges
To ensure that our customers and their suppliers are less susceptible to supply chain attacks when using one or more of our solutions, we take many precautions. For example, TIE Kinetix is ISO 27001 certified, which means that we meet the set requirements for information security. Additionally, we no longer present the option to send PDF or XML invoices via email. All things considered, it’s simply too risky for everyone involved.
But as mentioned above, there are still options to send PDF and XML documents securely. And with PDF-2-FLOW, it’s as easy as sending an email. Following a simple application installation, you’ll gain access to an ultra-secure network that enables you to meet your customers’ requirements and have the confidence that your critical business exchanges won’t be intercepted by hackers.