Tips To Avoid Compromised Contractor Accounts

August 28, 2020

Companies rely on contractors and often give them user accounts with access to sensitive data, but the risk of contractor account compromise appears to be growing. The FBI warns about an increase in business email compromise schemes and other attacks aimed at stealing contractor credentials. Last March a parts manufacturer for Tesla and SpaceX suffered a ransomware attack. The hackers uploaded some of the data they stole to a publicly accessible website to convince the company to pay the ransom. In June, hackers gained access to systems owned by Westech International, a military contractor, and stole nuclear missile data.

Ilia Sotnikov offers tips to reduce contractor account compromise. Make sure that each user account, including each third-party account, has the absolute minimum permissions necessary to do the job. Divide your network into smaller, isolated networks that are not visible from the outside. Following least privilege, grant contractors access only to the segments they need to deliver specified services. As soon as a contractor finishes delivering its services, disable the associated accounts, and implement multi-factor authentication. Implementing those measures and others he suggests helps detect attacks in their early stages to minimize their impact.
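The account tips above (access limited to needed segments, accounts disabled when the contract ends, multi-factor authentication) can be checked mechanically against an account inventory. The Python audit below is an added example, not part of the original article; the CSV layout, column names, account names and segment names are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data); the column names are assumptions.
INVENTORY = """\
account,enabled,mfa_enrolled,contract_end,granted_segments,required_segments
acme-dev1,true,true,2020-12-31,build,build
acme-dev2,true,false,2020-12-31,build;hr-data,build
oldvendor-ops,true,true,2020-06-30,plant-floor,plant-floor
oldvendor-svc,false,false,2020-06-30,plant-floor,plant-floor
"""


def _segments(field):
    """Split a ';'-separated segment list into a set, ignoring empty entries."""
    return {s.strip() for s in field.split(";") if s.strip()}


def audit(inventory_csv, today):
    """Return {account: [findings]} for enabled contractor accounts that break a rule."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to revoke
        issues = []
        # Rule 1: the account must be disabled once the contract has ended.
        if date.fromisoformat(row["contract_end"]) < today:
            issues.append("contract ended, account still enabled")
        # Rule 2: every active contractor account needs multi-factor authentication.
        if row["mfa_enrolled"].strip().lower() != "true":
            issues.append("no multi-factor authentication")
        # Rule 3: least privilege, no segment access beyond what the service requires.
        extra = _segments(row["granted_segments"]) - _segments(row["required_segments"])
        if extra:
            issues.append("excess segment access: " + ", ".join(sorted(extra)))
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(INVENTORY, date(2020, 8, 28)).items():
        print(account + ": " + "; ".join(issues))
```

Run on a schedule against an export from the identity system, the findings give a review queue of contractor accounts to disable, enroll in MFA, or trim.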
