The Cyber Threat You Didn’t See Coming: Vendors

We recently worked with a company that got blindsided, not by a pointed attack from some abstract hacker overseas, but by exposure that came through a trusted party via an everyday tool.

Here’s what happened: 

As part of a formal audit, this company uploaded sensitive info such as system details and customer records to a cloud storage system (think Dropbox or OneDrive). Nothing really out of the ordinary here.

However, the audit firm dropped the ball after the assessment ended. Rather than emptying the folder and archiving the files they needed to keep per regulation, they left the files in the public online space. Later — you guessed it — that public online space was compromised, with the leak of sensitive data causing major headaches for the company.

We’re sharing this story to help others avoid similar missteps. It’s a stark reminder that cyberthreats can come from anywhere — and that details matter.

This is an issue that’s gained attention of late. Cloud-based software has become a commonplace tool, particularly given the surge in remote work. At the same time, cyber crime has reached record levels. 

In such an environment, it’s vital for companies to make sure that they’re following basic security protocols, including keeping systems updated and correctly protecting passwords, and that they have plans for handling any breaches. But don’t stop there: Protect your company by being vigilant with vendors, as well.

Here are a few tips:

  • If a vendor suggests using a cloud-based file-sharing tool, establish expectations for security upfront. Hop on the phone and spend a few minutes chatting to find out whether they have basic cybersecurity protocols in place. It could save you a lot of time on the phone later.
  • Ask questions about how they use file-sharing tools, including how often passwords are changed and whether they use multifactor authentication.
  • Make sure they remove information from any cloud-based storage tools when its usefulness has ended and that they properly archive any sensitive data they’re required to keep.
  • Remember that Dropbox and similar services are not secure file-backup solutions.

Upfront conversations can go a long way in protecting your company. However, the absolute best way to cover your bases is to have a team of cybersecurity experts on your side. This is where Digital Silence shines — and we know the best help will look different for different companies. We can assess your security, help you handle a breach, make sure your security measures meet industry standards, perform a friendly “attack” to find your vulnerable points, help you formulate a budget-friendly plan to improve your defenses — even act as your chief information security officer. Many executives have cybersecurity anxiety these days — let us help put your mind at ease.
