Critical Notice – Increased Number of Stolen Credentials – Why Multi-Factor Authentication is Required

Unfortunately, the number of stolen credentials continues to increase and, with the closure of businesses at the end of the year, this is expected to rise again. We recently received several alerts indicating that our customers have had their passwords compromised. Although we’ve dealt with these issues individually, we can’t stress strongly enough the need for improved security measures.

The following scenario gives an example of what to do in the event of identity theft and, more importantly, how to avoid this situation or reduce the likelihood of it occurring in the first place.

It could never happen to you.

You’ve saved up your Annual Leave … you’ve booked your tickets and you’re now finally unwinding from a high-pressure job at the destination of your choice.

Lay back.

Put your feet up.

Relax… you deserve it.

It’s at this very moment, just as you decide that Life is Good, that you receive a distressing text message from your work colleague: your email is spamming customers – change your password now!!!

Although you’ve left your smartphone and electronic devices back at work, you will need to make the overseas call to your IT department, prove your identity and then quickly try to resolve the issue.

So, it couldn’t happen to you?

Unfortunately, hackers will try everything to steal your data, including your professional identity, especially if there are fewer obstacles in their way. So, before you take time off from work, consider what your internal processes are for dealing with such a scenario.

More importantly, think about what you can do to prevent this from happening in the first place.

The Australian Cyber Security Centre (ACSC), which oversees our national cyber security, has developed the Essential Eight: strategies to protect businesses and organisations from cyber-attacks. While no single mitigation strategy is guaranteed to prevent cyber security incidents, the ACSC recommends the implementation of the Essential Eight as a baseline.

1. Application whitelisting
2. Patch applications
3. Configure Microsoft Office macro settings
4. User application hardening
5. Restrict administrative privileges
6. Patch operating systems
7. Multi-factor authentication
8. Daily backups

This Model “provides advice on how to implement the Essential Eight in a phased approach. It also assists organisations in assessing the maturity of their implementation.” (ACSC)

These eight mitigation strategies make it difficult for adversaries to compromise systems. Implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

As the number of stolen email credentials continues to rise, we highly recommend an Active Directory and Password Security Audit for your external-facing systems. This is where hackers can enter your network and where you need to assess the vulnerabilities that need to be addressed. The specifications of the security audit are provided for your consideration. Please contact us to discuss further or if you have any specific questions.

One of the key strategies recommended by the ACSC is the implementation of Multi-factor Authentication (MFA) to protect all external-facing Office 365 systems. MFA is an authentication method where access to privileged actions or sensitive data is granted only after the user successfully presents two (or more) pieces of evidence to an authentication mechanism, drawn from categories such as knowledge (something you know), possession (something you have) and inherence (something you are).

A familiar example of MFA in action is any ordinary ATM transaction. The customer enters their PIN (unique knowledge) once they have verified their card (possession) by swiping it through the reader.

We encourage you to discuss the best MFA solution for your enterprise. Cisco’s Duo offers strong two-factor authentication and will check that users’ devices meet your security standards before granting them access. LastPass offers a password generator that creates long, randomized passwords that protect against hacking. It simplifies authentication and securely connects employees to your network.

If you need more information, please look at our website, or alternatively please give us a call. We will be happy to discuss your needs.

More details: alltasksIT – MFA