Supply Nation in safe hands with Baidam
Established in 2009, Supply Nation has worked with Aboriginal and Torres Strait Islander businesses and procurement teams from government and corporate Australia to help shape today’s emerging and rapidly evolving Indigenous business sector.
Today, Supply Nation is Australia’s leading supplier diversity organisation. It has over 800 member organisations (corporates, governments, education providers, industry associations and not-for-profit organisations) and more than 5000 verified Indigenous businesses registered on its Indigenous Business Direct (IBD) national directory.
Supply Nation’s support, combined with a range of business tools, helps its members to develop their supplier diversity practices, and build a strong, successful, and sustainable Indigenous business sector. In 2022-23, Supply Nation facilitated $4.1 billion of spend with verified Indigenous businesses.
A tide of change
Before joining Supply Nation as Head of Corporate Services in 2023, former police officer Mark Hopcroft held senior management positions in the finance, not-for-profit, and public sectors.
“When I joined Supply Nation, the organisation was going through a period of significant internal transformation,” says Mark, “including introducing a cultural change program designed to help us review our core business and how we deliver our services.
“Along with a refreshed executive team came a fresh focus on how we protect the data we’re entrusted with. Our digital programs manager raised some concerns about the spread of data across our network and applications (which ranged from our well-known CRM tool, to proprietary programs built in-house). In light of news about recent major security breaches in the enterprise space, our awareness of our legal and ethical responsibility for our data was at an all-time high.
The security and integrity of the personally identifiable information (PII) and other data we hold is of critical importance to us – and the people we advocate for and to.
We have data from Indigenous businesses on IBD and our member organisations. Getting our security policies assessed as quickly as possible was signalled as being a business imperative by our new executive team - and we didn’t have the capacity or capability to do it ourselves. So, we needed help, and we needed it fast.”
Bolstering business confidence with Baidam
Luckily, Baidam and Supply Nation had already formed a working relationship through an earlier engagement, so help was close at hand.
Prior to Mark joining the organisation, Baidam carried out a cybersecurity gap assessment exercise for Supply Nation. This included reviewing its existing cybersecurity policies, tabling mitigation recommendations, preparing a third-party risk assessment, and developing a disaster recovery and incident response plan.
However, with his eye firmly on Supply Nation’s dispersed data and wanting to understand any potential risks it posed, Mark asked for a further assessment of the organisation’s data retention, storage, and recovery policies.
Baidam’s comprehensive report delivered a range of actionable insights, including internal training and improving Supply Nation’s Essential Eight maturity level to help mitigate potential areas of weakness and vulnerability.
“We ended up taking a holistic approach to the risk assessment,” says Mark. “As a result, not only did Baidam evaluate our cloud security, but our backup procedures, and our ability to recover from an attack.
“As an organisation that collects and collates data, we can’t afford to be in a position where it's exposed; we needed to proactively strengthen our cyber security posture. Although we had addressed some aspects of cybersecurity by introducing multifactor authentication and other best practices, what we needed to implement to protect us fully was beyond our internal capabilities.
“Baidam played an invaluable role in helping us to achieve what was needed – from suggesting easy wins like introducing guest Wi-Fi to documenting very tight, rigorous operational procedures.”
A more secure Supply Nation
Mark says Supply Nation now has more rigorous cybersecurity controls and processes in place, which continue to be assessed and reassessed for continuous improvement. This is done with the guidance and support of Baidam.
“We place huge importance internally on not putting our organisation and data - and everything we do to support the Indigenous business sector at risk. Baidam has made a huge contribution to ensuring our cyber security policies and procedures will keep us cyber-aware and ever-vigilant. We know how important it is to continue stepping up the Essential Eight maturity ladder, and
Baidam has played a critical part in advancing our cyber maturity and ensuring we adhere to our policies.
What’s next for Supply Nation? “Baidam will continue to deliver ongoing penetration testing in alignment with our managed services provider to keep our application security up to scratch and carry out all of the other deep dives that we've got to do,” says Mark.
“I think we have a safer future with Baidam as our partner – the business and the people behind it are very impressive. We’ve been very comfortable working with them, and they’ve delivered on everything they’ve promised.”