Okta, one of the world’s leading providers of digital identity verification, announced a serious data breach in January. The attack may have affected hundreds of customers that rely on its software to manage secure access to their internal computer networks.
If such big organizations are facing third-party data breaches, then what about small and midsize businesses?
Let’s find out about third-party data breaches and how to protect your organization.
The Okta Data Breach
Okta's Chief Security Officer, David Bradbury, shared information about the data breach in a blog post. Hackers had access to the computer of a customer support engineer working for a third-party contractor for a five-day period in mid-January.
The potential impact on Okta customers is huge, even though the attackers were limited by the low level of access that support engineers have.
“There are no corrective actions that need to be taken by our customers.” According to Okta's thorough analysis of the claim, approximately 2.5% of its customers have been affected and their data has been viewed or acted upon. Okta has identified those customers and already reached out to them directly by email.
Why Are Third-Party Applications Unsafe?
The biggest problem with third-party apps is their lack of protection. Organizations often give third parties too much access, lack visibility into what those third parties can reach, and struggle to control and manage that access. As the number of third-party relationships increases, the risk level also increases.
In addition, third parties serve as a hallway, allowing hackers to move from one organization to another. Through this method, they don’t just gain access to a particular organization, but also to different affiliated organizations.
All companies, regardless of size or industry, should develop robust access policies, monitor access as closely as possible, and make sure they have visibility, insight, and the ability to manage and control third-party access.
The first thing you need to do is evaluate your vendors beforehand. It is strongly recommended to restrict their access to your network and data. Be sure to monitor your vendors constantly, and part ways with vendors who put you at risk.
Steps To Protect Your Business From Third-party Data Breaches
How private your data stays in the hands of third parties depends on how you manage them. These are the steps to take:
- Limit the number of super admins to four and ensure that access is appropriate and approved.
- Access to critical or sensitive data must be granted before any integration.
- Change the passwords of super admins.
- Review the logs of the system on a regular basis.
- Use Total Endpoint Protection for monitoring and protection.
- Continuously back up applications and data for recovery.
- Add two-factor authentication (2FA).
- Use Privileged Access Management, where no human knows an administrative password.
- Create admin IDs for admins that are separate from their normal accounts.
- Implement an enterprise logging solution that has security capabilities to identify and surface issues in applications.
- Plan to deploy “micro-segmentation” which provides a “bubble” for each application per their individual security requirements.
- Create disaster policies in case the company experiences a data breach.
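
Several of these steps can be checked automatically against an export of your accounts. The script below is an added example, not code from Okta or from the original article: it audits a constructed account roster for the super-admin limit, 2FA, separate admin IDs, and third-party accounts holding super-admin rights. The CSV column names, role labels and account names are assumptions made for the example.

```python
import csv
import io

MAX_SUPER_ADMINS = 4  # limit from the checklist above

# Constructed sample export. Column names and values are assumptions made
# for this example, not any identity provider's real export format.
SAMPLE_ROSTER = """\
username,owner,role,mfa_enabled,employer
alice,alice,user,true,internal
alice-adm,alice,super_admin,true,internal
bob,bob,super_admin,true,internal
carol-adm,carol,super_admin,false,internal
dave-adm,dave,super_admin,true,internal
support-eng1,support-eng1,super_admin,true,vendor
"""


def audit_roster(csv_text, max_super_admins=MAX_SUPER_ADMINS):
    """Return a sorted list of (check, account) findings for the roster."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    supers = [r for r in rows if r["role"] == "super_admin"]
    findings = []

    # Checklist: cap the number of super admins.
    if len(supers) > max_super_admins:
        findings.append(("too_many_super_admins", str(len(supers))))

    for r in supers:
        name = r["username"]
        # Checklist: two-factor authentication on privileged accounts.
        if r["mfa_enabled"].strip().lower() != "true":
            findings.append(("super_admin_without_2fa", name))
        # Checklist: admin ID separate from the person's normal account.
        if name == r["owner"]:
            findings.append(("admin_uses_everyday_account", name))
        # This example's reading of "restrict access": flag third parties
        # that hold the highest privilege level.
        if r["employer"] != "internal":
            findings.append(("third_party_super_admin", name))
    return sorted(findings)


if __name__ == "__main__":
    for check, account in audit_roster(SAMPLE_ROSTER):
        print(f"{check}: {account}")
```

Running a check like this on a schedule turns the one-off review into the constant monitoring recommended above.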
It’s better to be safe than sorry. In order to avoid a future data breach, follow all the suggested preventative measures.