If a business offers easy, online access to your sensitive personal records, but the information is only protected by a password, consider saying “no thanks.”
That’s a security tip from the Applied Cybersecurity Division within the National Institute of Standards and Technology, and it’s pretty good advice.
The institute, or NIST, isn’t suggesting that people never access information such as financial or health records online. It’s encouraging consumers to demand that organizations provide multi-factor authentication, or MFA, and to use it whenever it’s available.
Hackers have been painfully successful in breaking into electronic files, and they’re getting more sophisticated all the time. That makes MFA more necessary than ever.
MFA is a security enhancement that requires someone to provide at least two personal credentials to access an account. A common example is a bank machine that requires both a smart card and a code number for an account to be accessed. Another is a website that sends a passcode in a message to a user’s smartphone or email address. The passcode, as well as the user’s name and password, is required to access the account.
Stronger forms of MFA might require biometric information, such as a fingerprint or retina scan. It all helps.
“MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone,” according to NIST.gov.
Well-publicized attacks have made it obvious that organizations have to do a better job protecting customers’ files. Consumers should exercise greater caution, too.
Chad Pew, IT manager at SDN Communications, agrees that people should enable MFA whenever it’s available.
Businesses can subscribe to services that offer those types of protections, he notes. In fact, Sioux Falls-based SDN is in the process of implementing a service that will strengthen verification procedures for employees who access the company’s network.
“For businesses, this is definitely something that if they don’t have already, they need to start moving toward and getting implemented,” Pew said.
Los Angeles-based TeleSign, which is in the communication authentication business, commissioned a study that documented the weakness of password practices. For example, more than half of all consumers (54 percent) use five or fewer passwords for all their accounts. And nearly half (47 percent) use a password that hasn’t been changed for five years.
Results of the TeleSign study also indicated that although 80 percent of consumers are worried about online security, only 56 percent were familiar with MFA.
In addition to learning about and using MFA, consumers should use a strong, unique password for each account they have. They also should change their passwords regularly.
Using the same password for multiple accounts and not changing it makes hacking easier. Thieves’ lives are too easy already. They can buy breached account information, including passwords, on the Dark Web. If they get lucky, one password will get them into multiple accounts.
Protected accounts are still hackable, of course. The software might be vulnerable, and people can still be tricked into providing sensitive information to thieves.
But using MFA makes it more difficult for scammers to get into an account, even when they have the account holder's name and password.
Businesses should provide MFA to their online customers, and individuals should use it whenever they can.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.
SDN Communications has released its fourth series of cybersecurity posters, featuring information about social engineering, the dangers of public wi-fi and more about multi-factor authentication.