June Edition 2021

49 4. Establish Secure Comm. Channel for Senior Management; 5. Assess Key Vendor/Suppliers; 6. MFA On All Accounts/Service Accounts; If a threat actor takes down company email systems, it is important to have a pre-established secure app texting string already set up so that executives aren’t trying to download an app and figure out how to communicate while in a crisis. A regular text is not a sufficiently secure alternative method once a threat actor has taken control of company systems. Hacks rooted in vulnerabilities of suppliers and vendors (such as software Solar Winds and Accellion) are up exponentially. Your company is only as strong as its weakest vendor. Assess and audit any key vendor or supplier to ensure they aren’t a trojan horse for a compromise of company information. For companies with thousands (or more) vendors, triage the review so that you are looking at those that are key and/or have access to or hold sensitive company, customer or employee data. It is critical to implement multifactor authentication on all company accounts, including service accounts and social media accounts that may have been overlooked. Company legacy email protocols should be reviewed as well. These two steps will go a long way to shutting down the risk of an Office365 or business email compromise –the most common of attacks.