Okta Hack: Find Out Why Your Suppliers and Vendors Need MFA

How many different third parties and business partners have access to your data? How many are failing to properly protect it?

This is exactly how Okta recently suffered a major data breach. Could the same thing happen to you?

If your partners don’t have Multi-Factor Authentication in place, you could be next.

How Was Okta Breached?

In January, Okta suffered a major breach as a result of a third-party vulnerability. Okta admitted that 366 companies, or 2.5% of its client base, were affected by the security breach that allowed hackers to access the company’s private internal network.

A hacker accessed the computer of an engineer working for one of Okta’s third-party contractors over the course of five days. While inside the system, the hacker let the ransomware group Lapsus$ in, leading to a breach of thousands of clients’ information.

Given that Okta is a major player in the cybersecurity space (they offer a popular Single Sign-On solution), they likely have a very robust cybersecurity defense. Obviously, the same wasn’t true of the third parties they worked with.

This is a great reminder of why you need to consider the security of your “supply chain”…

Is Your Supply Chain Putting You At Risk?

The fact is that, no matter how strong your company’s cybersecurity is, it can all be circumvented by a cybercriminal who targets another company connected to yours.

Dealing with third parties is a part of doing business. Whether you’re the administrator for a healthcare practice or an executive at a financial firm, you need specialized, industry-specific technology to ensure your business is productive and profitable.

While it’s easy to trust that your vendors will be able to implement and support their products, it’s another thing entirely to assume they’ll do so with your security in mind.

Sensitive data is often captured, stored, and used on third-party vendor technology, so without the right IT security measures in place, all that data could be at risk. It won’t matter how secure your foundational IT is if the specialized technology you use is vulnerable.

This is why you need to make sure that any company with access to your data is properly protecting it. The best way to do so is with MFA.

Make Sure Your Partners Use MFA

MFA is a superior way to keep data more secure—after all, it blocks 99.9% of identity-based attacks.

MFA requires the user to utilize two methods to confirm that they are the rightful account owner. There are three categories of information that can be used in this process:

  • Something you have: Includes a mobile phone, app, or generated code
  • Something you know: A family member’s name, city of birth, PIN, or phrase
  • Something you are: Includes fingerprints and facial recognition

An MFA solution offers a range of key benefits to modern businesses which help to increase security without affecting the user experience:

  • Bring Your Own Device: In today’s modern business world, more and more employees prefer to do at least some of their work through their mobile devices, which can present a serious security risk. However, with an MFA solution, you can enroll new employee devices in minutes, given that there’s no need to install an endpoint agent.
  • Convenient Flexibility: An MFA solution won’t force you to apply the same security policies to every user in the company. Instead, you are given the capability to specify policies person by person or group by group.

Why Is MFA So Popular?

If you’ve hesitated to enable MFA for your accounts because it seems too complicated or too fiddly for everyday use, you should know that the benefits greatly outstrip the perceived annoyance.

The protection that MFA adds allows you to use your passwords for longer between password resets. And if your service provider is compromised and your email and password end up in an open database on the open web, you will have time to change your password before your individual account is compromised.

You may not need MFA for every account you use—but for your email accounts, financial services, and work-related accounts, if MFA is an option, you should enable it. If it’s not an option, you should ask yourself, and perhaps the service itself, why you would keep using a service that doesn’t offer an easy step to keep your data secure.

Don’t Let Your Partners Put You At Risk

Are you unsure if your business partners and vendors are doing their part to protect your data?

I.T. Matters, Inc. will help. We can manage your vendors and ensure they have MFA in place so that cybercriminals can’t directly access your business data.

Set a meeting with our team to get started.