Skip to main content

Identity Protection: Trust but Verify

By October 26, 2020Security
Trust by Verify: MFA for Security

Employers can spend a lot of time interviewing candidates to work for their company. Certainly, the candidate needs to have the right skills. They need to be able to work with others on the team and serve customers well. But then there is a question that the interviewer is always asking themselves after an interviewee that shows all the right signs of being a great employee: Do I trust them?

What do I mean by “Do I trust them”? Do I give them access to our building? Do I give them access to our internal confidential information? Do I let them represent our company to our clients? Ultimately, am I willing to take a risk on this person and potentially make my business vulnerable in hopes that they will add value to the organization?

Those are big questions. Those are the gut call moments before deciding to extend an offer of employment. But once you’ve chosen employees you trust, how do you protect their identities? How is trust managed day to day for your employees?

Trust in the IT realm is different.

Your technology doesn’t make “gut calls”. Most systems are traditionally set up with username and password authentication. If the entered username and password are correct, the system believes the individual has verified that they are who they say they are.

All of the resources and access you trust that employee with are at the disposal of the person that put in the username and password. Even if they are not actually the person that the username and password belong to.

This is not a pleasant thought, and many avoid thinking about it. But what if what have you trusted them with that can be exploited…by someone else?

User identities & trust can be exploited.

You may have worked with “John” for 30 years and you know the likelihood that he’ll turn on you is less than 1%. You see an email from him, recognize his name, and your guard is lowered because you trust him.

However, what if by mistake John fell for a phishing scam? What if his password was compromised through keylogging, a brute force attack, or a captured password hash? Now, all the resources of your trusted employee are in the hands of someone you do not trust. The attacker has access to the files and information – which is bad enough. But they also have your employee’s good reputation, which in some cases is more valuable than the data.  A successfully entered username and password does not carry the trust of the employee if their account is compromised.

Verify & protect your digital identity with MFA.

I believe we underestimate the value of our digital identity. Because of that, we underestimate the value of verifying and protecting that identity.

Multi-factor authentication (MFA) can be implemented very cheaply and provides a dramatic increase in identity protection. In most cases it is set up for a user to enter their username, password, and a third piece of information. Before they are granted access, they need to approve the login from an app on their phone, or enter a code from a text message sent to them.

To be honest, it is not difficult to get a user’s password if someone wants it. It is much more difficult to get that password and hijack their multi-factor authentication approval.

Having MFA does not eliminate the risk of identity hijacking, but it does greatly reduce it. Yes, it causes a minor inconvenience for employees, but as we weigh this risk, it is worth it. It’s especially worth it for systems that are accessible from anywhere in the world.

Trust your employees, but verify their identities in your systems.

Reach out today if you are not utilizing MFA on your publicly accessible systems. Let us help you protect your digital identity!

social engineering tactics

How Hackers Use Social Engineering Tactics in Phishing Scams

| Business Productivity, Security | No Comments
Social engineering is quite a buzzword these days in the world of cybersecurity. But what is it, and why are businesses so afraid of it? It is a form of hacking that uses deception and manipulation to get victims to divulge information. Companies have reason to be fearful because social engineering tactics have led to a lot of destruction and millions of dollars in losses for businesses worldwide. Phishing is one of the most rampant types of attacks these days. It has been highly successful because it uses tried-and-tested social engineering techniques to hoodwink potential victims. What are these Social…
spot social engineering

Training Employees to Spot Social Engineering

| Security, Tech Tip | No Comments
Social engineering is one of the newest methods hackers use to access sensitive information. Rather than attacking a system directly, this technique relies on human psychology to gain information. This method is brilliant when you think about it because it does not have to deal with going past ironclad network security. If hackers can manipulate even a single employee, they might hand over sensitive information on a silver platter, and the hackers can take control of the organization’s entire system. This is why its important for your employees to learn how to spot social engineering. Companies must understand that if…
Phishing Scam Tactics

Top 8 Phishing Scam Tactics and How to Identify Them

| Business Productivity, Security, Tech Tip | No Comments
Phishing has been a common hacking method for over two decades now. You would think that everyone would already know how it works and how to avoid becoming a victim, right? Sadly, that is not the case for these Phishing Scam Tactics. There are more victims now than ever. In 2022, there were more than 300,000 victims in the US alone, with damages amounting to over $52 million! The thing is that phishing scams have evolved over the years. Hackers are now more adept at hoodwinking unsuspecting victims, and they also have easy access to modern technology that helps elevate…