Okta, one of the world’s leading providers of digital identity verification, announced that a January data breach revealed by hackers may have affected hundreds of customers that rely on its software to manage secure access to their internal computer networks.
Isn’t it worrisome? If such big organizations face this issue, then don’t you think smaller organizations will, too? Absolutely!
Chief Security Officer of Okta, David Bradbury notified in a blog post that a customer support engineer working for a third-party contractor had his computer accessed by the hackers for a five-day period in mid-January and that the potential impact to Okta customers is limited to the access that support engineers have.
Added to this he mentioned, “There are no corrective actions that need to be taken by our customers,”. According to their thorough analysis of the claim, approximately 2.5% of their customers have been affected and their data has been viewed or acted upon. They have identified those customers and already reached out directly by email.
The biggest problem with third-party apps is their lack of protection. Organizations often give third parties too much access, lack visibility into the access of those organizations, and often struggle to control and manage third-party access. And as the third-party organization associations increase, the risk level also increases.
In addition, third parties serve as a hallway, allowing hackers to move from one organization to another. Through this method, they don’t just gain access to a particular organization, but also to different affiliated organizations.
All companies, regardless of the size of the industry, should try to develop their robust access policies, monitor access as close as possible, and make sure they have visibility, insight, and the ability to manage and control third-party access.
The first thing you need to do is evaluate your vendors beforehand. It is strongly recommended to restrict access to your network and data. Be sure to monitor your vendors constantly. Get rid of vendors who put you at risk by saying goodbye.
The privacy of third parties on your data depends on how you treat them. These are the steps to take care of:
- Limit the number of super admins to four and ensure that access is appropriate and approved.
- Access to critical or sensitive data must be granted before any integration.
- Change the password of super admins.
- Review the logs of the system on a regular basis.
- Total Endpoint Protection for monitoring and protection.
- Continuously back up applications and data for recovery.
- Can add two-factor authentication (2FA).
- Privilege Access Management, where no human knows an administrative Password.
- Try to create admin IDs for admins separately from their normal accounts.
- Implement an enterprise logging solution that has security capabilities to identify and surface issues in applications.
- Plan to deploy “micro-segmentation” which provides a “bubble” for each application per their individual security requirements.
- Create disaster policies if in case the company experiences a data breach.
It’s better to be safe than sorry. In order to avoid a future data breach, follow all the suggested preventative measures.
Our job does not end when we help you find the right hardware and software. We integrate your new systems with your existing technology infrastructure. We offer guidance and support to your end-users to ensure they are able to adapt to the new systems. IT procurement services in NYC enable your organization to operate with a responsive procurement strategy. When updates are available, your organization will receive solutions that will align with your organization’s needs and business value.
Our services, combined with our industry knowledge, offer organizations a one-of-a-kind buying experience with our consulting services tailored to fulfill the needs of your organization. Organizations are operating in a fast-paced world of IT, and technology is a critical part of every organization, regardless of the industry. Organizations of all landscapes must effectively manage their IT and software requirements if they want to improve productivity and efficiency, reduce costs, streamline workflow, and improve value.
Connect with us today to find out how our IT procurement services in NYC can work for your organization.