Staying Safe After a Partner's Data Breach

November 10, 2025 by Lighthouse IT Solutions, Griffin Ball

You may have encountered a vendor or customer who is unfortunately experiencing a security breach. When this happens to a partner, it's crucial to be extra vigilant to protect your own organization from follow-up attacks.

Quick note: check out our "Steps After a Data Breach" blog post if you are the one who has been compromised!

Attackers will use the information and trust they gained from the breach to try to target your company. Here are the most important things we all need to do, starting immediately.

The 3 Golden Rules: Think Before You Act

  1. BE HYPER-VIGILANT: Assume any communication from the compromised partner could be fraudulent. Scrutinize every email, message, and phone call.
  2. VERIFY, DON'T TRUST: If you receive an unexpected or unusual request, even if it looks legitimate, do not act on it. Verify it using a different communication channel. For example, if you get a strange email, call the person at a phone number you know is correct.
  3. REPORT EVERYTHING SUSPICIOUS: You are our best line of defense. There is no penalty for a false alarm. Report anything that feels "off" to the IT/Security team immediately. Use the "Report Phishing" button in your email or forward the message to helpdesk@lighthousesol.com.

Actionable Tips for Your Daily Work

1. On Email Communication

  • Watch for Phishing: Attackers will send sophisticated phishing emails that look like they're from the compromised company. Look for:
    • Urgent or Threatening Language: "Your account will be suspended," "Immediate action required."
    • Unusual Requests: A sudden request to change a bank account number, pay an invoice to a new account, or share sensitive data.
    • Suspicious Links & Attachments: Hover over links before you click to see the real destination URL. Never open unexpected attachments, especially .zip, .exe, or .docm files.
    • Impersonal Greetings: "Dear Customer" or "Hi user" can be a red flag.
  • Be Wary of "Breach Notification" Emails: Attackers often send fake breach notification emails with a malicious link to "reset your password" or "check your account." Only trust official announcements from our own IT/Security team.
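
For help desk staff triaging a reported message, the red flags above can be checked automatically. The following is an added example, not part of the original post or any Lighthouse tooling; the phrase list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".zip", ".exe", ".docm")  # extensions named in the list above
PHRASES = ("immediate action required", "will be suspended", "dear customer", "hi user")

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    flags = ["risky attachment: " + a.get_filename() for a in msg.iter_attachments()
             if (a.get_filename() or "").lower().endswith(RISKY_EXT)]
    flags += ["suspicious phrase: " + p for p in PHRASES if p in text.lower()]
    parser = Links()
    parser.feed(text)
    for href, shown in parser.links:
        shown = shown.strip().lower()
        # Visible text that looks like a URL but names a different host than the href
        if shown.startswith(("http://", "https://", "www.")) and host(shown) != host(href):
            flags.append(f"link shows {host(shown)} but goes to {host(href)}")
    return flags

def constructed_sample():  # constructed message for the demo, not a real email
    m = EmailMessage()
    m["Subject"] = "Immediate action required"
    m.set_content('<p>Dear Customer, your account will be suspended. Sign in at '
                  '<a href="http://lookalike.example/r">https://partner.example</a></p>',
                  subtype="html")
    m.add_attachment(b"", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()
```

Calling `red_flags()` on the raw source of a reported message returns a list of findings to review. It is a triage aid, and an empty list does not mean the message is safe.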

2. On Passwords & Account Access

  • Change Relevant Passwords: If you ever used your work email and password to log into a portal on the breached vendor's or customer's website, you must change your work password immediately.
  • Never Reuse Passwords: This incident is a perfect reminder of why you should never use your work password for any external site.
  • Double-Check Your MFA: Multi-Factor Authentication (MFA) is your best defense against a stolen password. Ensure it's active on your account and be suspicious of any unexpected MFA prompts you receive. Don't approve a push notification you didn't initiate.

3. On Phone Calls and Text Messages

  • Verify the Caller: Be cautious of unexpected phone calls asking for information (this is called "vishing"). If someone claiming to be from the compromised company asks you to perform an action (like resetting a password or providing data), hang up and report it to IT.
  • Don't Trust Text Messages: Attackers may send texts with malicious links ("smishing"). Treat these with the same suspicion as a phishing email.

4. On Data Sharing

  • Stop and Think Before Sharing: Do not provide sensitive information, such as passwords, personally identifiable information (PII), or financial data, in response to any unsolicited email or phone call.
  • Stick to Official Channels: Only use our company's approved methods for sharing files and information with partners.

When in doubt, contact Lighthouse IT.

What Lighthouse IT is Doing

While you practice the vigilance above, Lighthouse is working behind the scenes by:

  • Monitoring your network for any suspicious activity originating from the compromised partner.
  • Blocking known malicious domains and IPs associated with the attack.
  • Reviewing all system access that the partner had and disabling it where necessary.
  • Communicating directly with the compromised partner (if applicable).

Your diligence is critical to a coordinated defense. By being alert and cautious, you can prevent an incident at a partner from becoming a crisis for your entire organization!
