At the end of September, it was reported that an IT service provider, Tyler Technologies (a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector), was hit with ransomware. It is now assumed that the credentials Tyler uses to manage its customers were exfiltrated.

To help answer the many questions along the lines of “how do I know I’m safe from this third-party breach?”, the SANS Institute has come out with some general recommendations for how to manage remote access for partners and contractors.

Here are some tips to improve operational security when working with third parties.

  • Know “who’s behind the keyboard”. Are the third-party employees on the payroll and dedicated to you (read: they know you and your business)? Are they also contractors? Are they located in the same country as you?
  • When it's not mandatory, do not keep the remote access open 24x7. All access requests must be approved following a procedure.
  • Do not grant full access to your infrastructure. Restrict the third party's rights to the minimum resources it needs to perform its job (least privilege). Keep segmentation in mind. Restrict its access to a jump host that will be used to enforce more security controls.
  • Keep logs of who did what, when, why, and from where. Log everything: all connections, all commands. Example: detect an unforeseen connection from an unusual location outside business hours.
  • Keep an inventory of your partners and installed software. Force them to upgrade the software and audit the settings.
  • Enable the security settings available in the deployed tools. Example: enable MFA, activate client-side certificates, provide security tokens.
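
The detection described in the logging tip above, as an added example (not code from the SANS article or from this page): it reviews successful SSH logins on a jump host and flags partner accounts that connect from outside their approved networks or approved hours. The account name, policy table and log lines are constructed, and the ISO-timestamped sshd line format is an assumption about how the jump host logs.

```python
import re
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy: per partner account, approved source networks and access window.
POLICY = {
    "vendor-acme": {"nets": [ip_network("203.0.113.0/24")],
                    "hours": (time(8, 0), time(18, 0))},
}

# Constructed sample lines (OpenSSH "Accepted ..." messages, ISO timestamps assumed).
SAMPLE_LOG = """\
2020-10-05T09:14:02 jump01 sshd[2211]: Accepted publickey for vendor-acme from 203.0.113.25 port 50122 ssh2
2020-10-05T23:41:37 jump01 sshd[2290]: Accepted publickey for vendor-acme from 203.0.113.25 port 50310 ssh2
2020-10-06T02:03:11 jump01 sshd[2304]: Accepted publickey for vendor-acme from 198.51.100.77 port 41022 ssh2
2020-10-10T10:00:00 jump01 sshd[2388]: Accepted publickey for vendor-acme from 203.0.113.25 port 50400 ssh2
2020-10-06T10:30:00 jump01 sshd[2410]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def review_partner_logins(log_text, policy=POLICY):
    """Return (timestamp, user, ip, reasons) for partner logins that break policy."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in policy:
            continue  # not a successful login, or not a partner account
        rule = policy[m["user"]]
        ts = datetime.fromisoformat(m["ts"])
        reasons = []
        if not any(ip_address(m["ip"]) in net for net in rule["nets"]):
            reasons.append("unapproved source network")
        start, end = rule["hours"]
        if ts.weekday() >= 5 or not (start <= ts.time() < end):
            reasons.append("outside approved hours")
        if reasons:
            findings.append((m["ts"], m["user"], m["ip"], reasons))
    return findings

if __name__ == "__main__":
    for f in review_partner_logins(SAMPLE_LOG):
        print(*f[:3], "; ".join(f[3]))
```
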

Source: Managing Remote Access for Partners and Contractors

Sourced by: Canadian Centre for Cyber Security

Looking for steps you can take to protect your organization’s networks and information from cyber threats? To get you started, the Canadian Centre for Cyber Security has summarized 13 security control categories that your organization can implement, covering:

  • Incident Response Plan
  • Multi-Factor Authentication
  • Backing up and encrypting data

...and more

By implementing these controls, you can reduce your risks and improve your ability to respond to security incidents. 

While it isn’t always necessary to implement all of the controls, it is encouraged to adopt as many as possible to enhance your cyber security.
