Security Alert: Slack Data Breach
A warning to all hoteliers that use Slack: the popular messaging app for businesses has disclosed they suffered a data breach at the end of 2022.
According to the report, a threat actor gained access to Slack’s GitHub repository and download private code repositories. Slack did note that it believes no customer data was accessed because of the breach.
The Takeaway
Companies worldwide rely on Slack for confidential internal instant messaging, so any compromise of these systems raises serious alarms. As this was their second incident in under a year, the situation is certainly worth monitoring should further exposure be reported.
More importantly, this incident underscores the ongoing data protection vulnerabilities posed by third-party vendors.
Nearly half of all breaches have points of origin in third party companies. While your organization may have taken all the right steps to protect your data, the companies that you rely on, from POS systems to HVAC units, must also be similarly secure. In the event they are breached, your organization may not be directly to blame for the incident, however that does little to mitigate the resulting financial and reputational damage.
VENZA Can Help
There are steps that you can take to mitigate the risk from third parties and VENZA is here to help!
We recommend:
1. Use software to streamline vendor management. Platforms can manage data collection, organization, and storage with pre-prepared questionnaires that “ask the right questions” of vendors. VENZA’s privacy management tools can automate important tasks.
2. Review contractual obligations. Pay attention to data breach notification provisions of contracts. Before signing, consider stipulating responsibilities for notification, timing, and other responses (e.g., engaging forensic firms after a breach.)
3. Minimize data sharing. Limit what data is shared between your company and vendors. It is a balancing act with business needs, but keep in mind ways to segment or cordon off components of your systems.
4. Build internal resilience. Consider how to bolster your own systems to become more secure in the event of a third-party breach. For example, including tokenization of data and creating “zero-trust zones” for remote access.
5. Maintain backups. Rebound from unauthorized access and harden your systems against destructive ransomware and malware with a Managed Security Services Provider like CyberTek MSSP.
Feeling overwhelmed? Don’t be. VENZA and CyberTek are here to help. Cybersecurity is complex, but in partnership with us, your company can get started in as little as one month. Get a live demonstration today by contacting our Customer Success Team.
Ready to elevate your game? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
Take VENZA’s free Phishing Test to assess gaps in your human firewall today!
Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.