
Identity Protection: Trust but Verify

October 26, 2020 | Security
Trust but Verify: MFA for Security

Employers can spend a lot of time interviewing candidates to work for their company. Certainly, the candidate needs to have the right skills. They need to be able to work with others on the team and serve customers well. But then there is a question that the interviewer is always asking themselves after meeting an interviewee who shows all the right signs of being a great employee: Do I trust them?

What do I mean by “Do I trust them”? Do I give them access to our building? Do I give them access to our internal confidential information? Do I let them represent our company to our clients? Ultimately, am I willing to take a risk on this person and potentially make my business vulnerable in hopes that they will add value to the organization?

Those are big questions. Those are the gut call moments before deciding to extend an offer of employment. But once you’ve chosen employees you trust, how do you protect their identities? How is trust managed day to day for your employees?

Trust in the IT realm is different.

Your technology doesn’t make “gut calls”. Most systems are traditionally set up with username and password authentication. If the entered username and password are correct, the system believes the individual has verified that they are who they say they are.

All of the resources and access you trust that employee with are at the disposal of whoever entered the username and password, even if they are not actually the person those credentials belong to.

This is not a pleasant thought, and many avoid thinking about it. But what have you trusted them with that can be exploited… by someone else?

User identities & trust can be exploited.

You may have worked with “John” for 30 years and you know the likelihood that he’ll turn on you is less than 1%. You see an email from him, recognize his name, and your guard is lowered because you trust him.

However, what if by mistake John fell for a phishing scam? What if his password was compromised through keylogging, a brute force attack, or a captured password hash? Now, all the resources of your trusted employee are in the hands of someone you do not trust. The attacker has access to the files and information – which is bad enough. But they also have your employee’s good reputation, which in some cases is more valuable than the data. A successfully entered username and password does not carry the trust of the employee if their account is compromised.

Verify & protect your digital identity with MFA.

I believe we underestimate the value of our digital identity. Because of that, we underestimate the value of verifying and protecting that identity.

Multi-factor authentication (MFA) can be implemented very cheaply and provides a dramatic increase in identity protection. In most cases it is set up for a user to enter their username, password, and a third piece of information. Before they are granted access, they need to approve the login from an app on their phone, or enter a code from a text message sent to them.

To be honest, it is not difficult to get a user’s password if someone wants it. It is much more difficult to get that password and hijack their multi-factor authentication approval.

Having MFA does not eliminate the risk of identity hijacking, but it does greatly reduce it. Yes, it causes a minor inconvenience for employees, but as we weigh this risk, it is worth it. It’s especially worth it for systems that are accessible from anywhere in the world.

Trust your employees, but verify their identities in your systems.

Reach out today if you are not utilizing MFA on your publicly accessible systems. Let us help you protect your digital identity!

