fbpx Skip to main content

Identity Protection: Trust but Verify

By October 26, 2020Security
Trust by Verify: MFA for Security

Employers can spend a lot of time interviewing candidates to work for their company. Certainly, the candidate needs to have the right skills. They need to be able to work with others on the team and serve customers well. But then there is a question that the interviewer is always asking themselves after an interviewee that shows all the right signs of being a great employee: Do I trust them?

What do I mean by “Do I trust them”? Do I give them access to our building? Do I give them access to our internal confidential information? Do I let them represent our company to our clients? Ultimately, am I willing to take a risk on this person and potentially make my business vulnerable in hopes that they will add value to the organization?

Those are big questions. Those are the gut call moments before deciding to extend an offer of employment. But once you’ve chosen employees you trust, how do you protect their identities? How is trust managed day to day for your employees?

Trust in the IT realm is different.

Your technology doesn’t make “gut calls”. Most systems are traditionally set up with username and password authentication. If the entered username and password are correct, the system believes the individual has verified that they are who they say they are.

All of the resources and access you trust that employee with are at the disposal of the person that put in the username and password. Even if they are not actually the person that the username and password belong to.

This is not a pleasant thought, and many avoid thinking about it. But what if what have you trusted them with that can be exploited…by someone else?

User identities & trust can be exploited.

You may have worked with “John” for 30 years and you know the likelihood that he’ll turn on you is less than 1%. You see an email from him, recognize his name, and your guard is lowered because you trust him.

However, what if by mistake John fell for a phishing scam? What if his password was compromised through keylogging, a brute force attack, or a captured password hash? Now, all the resources of your trusted employee are in the hands of someone you do not trust. The attacker has access to the files and information – which is bad enough. But they also have your employee’s good reputation, which in some cases is more valuable than the data.  A successfully entered username and password does not carry the trust of the employee if their account is compromised.

Verify & protect your digital identity with MFA.

I believe we underestimate the value of our digital identity. Because of that, we underestimate the value of verifying and protecting that identity.

Multi-factor authentication (MFA) can be implemented very cheaply and provides a dramatic increase in identity protection. In most cases it is set up for a user to enter their username, password, and a third piece of information. Before they are granted access, they need to approve the login from an app on their phone, or enter a code from a text message sent to them.

To be honest, it is not difficult to get a user’s password if someone wants it. It is much more difficult to get that password and hijack their multi-factor authentication approval.

Having MFA does not eliminate the risk of identity hijacking, but it does greatly reduce it. Yes, it causes a minor inconvenience for employees, but as we weigh this risk, it is worth it. It’s especially worth it for systems that are accessible from anywhere in the world.

Trust your employees, but verify their identities in your systems.

Reach out today if you are not utilizing MFA on your publicly accessible systems. Let us help you protect your digital identity!


MSP Services

Boost Your Business Performance with MSP Services

| Business Productivity, Managed Services | No Comments
Every business owner wants to achieve continued success for their business. Several processes and tasks need to be taken care of in creating and maintaining a successful business. Most owners cannot handle these because there is too much to do and not enough time. For this reason, many business owners rely on the services of IT managed service providers, or MSP's. If you're a regular reader of our blogs, you'll remember that we have covered some of the most valuable services MSPs can provide for your business. Here is a quick look back at those services and how they can…
Technology

Understanding the Technology That Runs Your Business

| Business Productivity, Uncategorized | No Comments
No matter what kind of business you run or what industry you are in, we all know that technology is crucial to our success. Using the right technology can put your business on the path toward growth and success. And a lack of proper IT tools and strategies could make you fall behind your rivals and lose considerable profits. Practical Applications of Technology for the Modern Business Most business owners understand that a reliable IT system is necessary for network security. Internal and external communications, database management, and other high-priority areas. But IT is also valuable in improving practically all…
IT Provider

The Right IT Provider Is Crucial for Your Success

| Business Productivity, Uncategorized | No Comments
In the digital era that we live in, we cannot overemphasize the significance of an IT provider for the different aspects of your business. It is impossible to start or operate a business without relying partly on IT services and support. It is a challenge to stay competitive in your industry if you do not have a trusted IT person or managed services provider by your side. Ways of Getting IT Support There are different ways to get the IT support you need for your business. Each method has its pros and cons, and the choice will depend on your…