Maybe you don’t know? Or are you just assuming you do? Well, you should know and it should be secure. We know from experience that often WMS security is not a priority. It is like an insurance; in the unfortunate case you need it, you are glad you have it. If you don’t have it, too bad… Security breaches can occur on different levels. They can be caused by outdated software and hardware, poor security and user protocols, but what about thieving staff, poor inventory control and third party employees such as drivers, delivery agents, and maintenance or IT techs?

1. Reliance on old software and hardware

In most instances, the older your software and hardware, the greater the danger you face from cyber threats. Older systems may not support the latest upgrades, patches, or hardware specifically designed to increase security. For instance, your WMS security may rely on on-premise solutions. Because your company has to pay for the hardware installation, maintenance, upgrades, and replacements you’ve likely got a broad mix of technologies. Disparate infrastructure often needs to use the lowest common denominator technology, which could open you up to a wide variety of threats from the most sophisticated cyber intrusions to low-tech threats designed simply to bring your network down. For example many operations are still run on Windows XP/Windows CE platforms, an operating system Microsoft ceased to support in 2014…. We all know about the horror stories of randsomware crippling complete organisations and costing tons of money. To give you an idea if the severity of these kind of attacks, we list the top 3 of 2017 (who all happen to have pretty dramatic names emphasising the havoc they can cause…):
  1. NotPetya NotPetya started as a fake Ukranian tax software update, and went on to infect hundreds of thousands of computers in more than 100 countries over the course of just a few days. This ransomware is a variant of Petya, but uses the same exploit behind WannaCry. It hit a number of firms in the US and caused major financial damage: For example, the attack cost pharmaceutical giant Merck over a whopping $300 million in Q3 alone, and is on track to hit that amount again in Q4.
  2. WannaCry WannaCry (also known as WannaCrypt) has been one of the most devastating ransomware attacks in history, affecting several hundred thousand machines and crippling banks, law enforcement agencies, and other infrastructure. It was the first strain of ransomware to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol. Over 180 countries were affected by Wannacry resulting in an economic los of billions of euros.
  3. Locky Locky is currently the top payload in terms of ransomware and across all malware families, according to a report from security firm Proofpoint. While Locky was 2016’s most popular ransomware strain, new variants called Diablo and Lukitus also surfaced this year, using the same phishing email attack vector to initiate their exploits.
  4.   (source: And it does not end with the threat of ransomware. Not every warehouse management system’s security is the same, so your whole operation could be at risk on different levels. Now we are not a big American company trying to scare you, but protecting your company, staff, inventory, and facilities should always be a priority and this requires a robust WMS security protocol. In our years of experience we have seen it all and we know for a fact that there are systems on the market that are not keeping warehouses as safe as they could. On more than one occasion we had to get a company’s operation back online after a security breach, where every day of inactivity is money lost. A safer operation is also a more profitable organisation. Cloud WMS is one of the most cost-effective ways to introduce advanced security into your operations, and your fellow professionals believe that too. A growing percentage of enterprise companies consider the cloud to be more secure than legacy systems, as well as noting that it makes it easier to take further security measures like proper data encryption and ID access policies.

    2. Lack of good internal inventory controls

    Theft by employees is a big problem for businesses, especially in the warehouses. According to a 2015 study, half of inventory losses with an estimated value of a whopping $22 billion each year, can be attributed to employees. This kind of thievery ranges from ‘taking one item under the coat’ to professional scams by organised groups. If your organisation does not have a secure WMS that enforces check-in rules, daily inventory checks, or inventory verification with authentication from others, you run the risk of inventory ‘going missing’. Of course there are WMS security solutions that can rectify many of these concerns without endangering the productivity of the organisation. This all starts with having your workers enter activity and transactions with identification that is specific to them. This way all activity in the entire operation can be monitored and checked. Require check-in during every stage from reception and adding to inventory through picking, packing, and distribution. Not only does this make it harder for theft to occur but it also creates an audit trail tied to each worker if a theft occurs. An audit on how goods move through your warehouse can also help you identify potential theft opportunities and highlight training needs for employees who are not following proper procedure.

    3. Who is entering and leaving?

    On a daily basis many employees enter and leave your warehouse. This flow of traffic, including people completing transactions in your warehouse, are not just your own employees. Drivers, delivery agents, maintenance or IT techs, and others will all have access to your warehouse have access on different levels in your organisation. Does your WMS know who they are or capture information on them, or are there ways for people with bad intentions to take advantage of the holes in your security protocols? Your WMS security may leave your company open to risks if it isn’t automatically collecting or collating details such as license plates, yard access, or visitor intake, you could be opening yourself up to theft from outside sources. License plate recognition technology is becoming more common in WMS and yard management tools because it also provides you with metrics on overall traffic. Take a look at this option for an improvement that also has operational benefits, making it a worthwhile investment for many.

    Aratus and security

    With every project we do at Aratus security is always on the agenda. Where it comes to security the saying “prevention is better than cure” ticks the boxes on all levels. A secure operation runs smoother and is more profitable. The investment in security – when done properly – will always outweigh the costs that come with a severe security breach that can cripple the entire organisation. This can potentially mean loss of contracts and clients. If you want to know more about the solutions we offer, then contact us. We have our A-Core WMS with additional products and services, but we also advice and help organisations that have existing systems running.