
Identity Protection: Trust but Verify

By October 26, 2020 | Security
Trust but Verify: MFA for Security

Employers can spend a lot of time interviewing candidates to work for their company. Certainly, the candidate needs to have the right skills. They need to be able to work with others on the team and serve customers well. But then there is a question the interviewer always asks themselves after a candidate has shown all the right signs of being a great employee: Do I trust them?

What do I mean by “Do I trust them”? Do I give them access to our building? Do I give them access to our internal confidential information? Do I let them represent our company to our clients? Ultimately, am I willing to take a risk on this person and potentially make my business vulnerable in hopes that they will add value to the organization?

Those are big questions. Those are the gut call moments before deciding to extend an offer of employment. But once you’ve chosen employees you trust, how do you protect their identities? How is trust managed day to day for your employees?

Trust in the IT realm is different.

Your technology doesn’t make “gut calls”. Most systems are traditionally set up with username and password authentication. If the entered username and password are correct, the system believes the individual has verified that they are who they say they are.

All of the resources and access you trust that employee with are at the disposal of the person that put in the username and password. Even if they are not actually the person that the username and password belong to.

This is not a pleasant thought, and many avoid thinking about it. But what have you trusted them with that can be exploited…by someone else?

User identities & trust can be exploited.

You may have worked with “John” for 30 years and you know the likelihood that he’ll turn on you is less than 1%. You see an email from him, recognize his name, and your guard is lowered because you trust him.

However, what if by mistake John fell for a phishing scam? What if his password was compromised through keylogging, a brute force attack, or a captured password hash? Now, all the resources of your trusted employee are in the hands of someone you do not trust. The attacker has access to the files and information – which is bad enough. But they also have your employee’s good reputation, which in some cases is more valuable than the data.  A successfully entered username and password does not carry the trust of the employee if their account is compromised.

Verify & protect your digital identity with MFA.

I believe we underestimate the value of our digital identity. Because of that, we underestimate the value of verifying and protecting that identity.

Multi-factor authentication (MFA) can be implemented very cheaply and provides a dramatic increase in identity protection. In most cases it is set up for a user to enter their username, password, and a third piece of information. Before they are granted access, they need to approve the login from an app on their phone, or enter a code from a text message sent to them.

To be honest, it is not difficult to get a user’s password if someone wants it. It is much more difficult to get that password and hijack their multi-factor authentication approval.

Having MFA does not eliminate the risk of identity hijacking, but it does greatly reduce it. Yes, it causes a minor inconvenience for employees, but as we weigh this risk, it is worth it. It’s especially worth it for systems that are accessible from anywhere in the world.

Trust your employees, but verify their identities in your systems.

Reach out today if you are not utilizing MFA on your publicly accessible systems. Let us help you protect your digital identity!
