Two-factor authentication recommendations
According the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center (IC3), cyber thieves stole almost $215 million from businesses worldwide since October 2013. This was the result of a scam that starts when business executives or employees have their email accounts hijacked.
Hacking or spoofing email accounts has been a common fraud technique for many years – even major social media companies have been targets. To protect against this type of fraud, the IC3 recommends that businesses
“Consider additional IT and Financial security procedures and 2-step verification processes. For example –
Out of Band Communication: Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.”
We’ve long advocated for two-factor authentication as a best practice means to help protect against fraud, hacking, and data loss. Risk-based user authentication does not mean that employees or customers are slowed down by cumbersome security procedures. Out-of-band delivery of quickly expiring, one-time passcodes confirms that the person possessing the passcode is the one attempting to access your systems. Multiple authentication vectors ensure high-level security with user-required flexibility and usability.
By analyzing behavior patterns and other indicators, stepped-up authentication can be applied on a “sliding-scale” – increasing security as appropriate based on user roles, risk levels, threat reports, and transaction types. These authentication parameters should be customized in real-time for users both inside and outside your organization, progressively presenting authentication challenges based upon the latest threat assessment.
Recommended For You
Hackers. They steal and sell data, especially at the point of sale and during customer acquisition periods. No customer wants […]
This year has seen its share of data breaches and identity theft. A top concern in this gift-giving season are […]
Data breaches which expose personally identifiable information (PII) are a growing problem in today’s high tech world. With each new protection […]
Companies have spent a great deal of time and money protecting their core systems and infrastructure from cyber attacks — hardening […]