SECURING YOUR IDENTITY
Cyber-attacks are now more persistent, frequent and sophisticated resulting in denial of service, exploitation of systems and stolen business information. One compromised identity in the chain can lead to a catastrophic data breach. A recent phenomenon is the rise of valid email accounts being hacked into and used to generate and distribute fraudulent email.
ARE YOU REALLY WHO YOU SAY YOU ARE?
Now more than ever, organisations need a high level of assurance that users are who they say they are. Adversaries frequently attempt to steal legitimate user or administrative credentials when they compromise a network.
‘Multi-factor authentication is one of the most effective controls an organisation can implement
to prevent an adversary from gaining access to a device or network
and accessing sensitive information
Multi-factor authentication provides a secure authentication mechanism
that is not as susceptible to brute force attacks as traditional single-factor authentication methods.’
The Australian Cyber Security Centre
Australian Government’s lead on national cyber security
Multi-Factor Authentication (MFA)
Without MFA antivirus software, firewalls, encryption technology, and vulnerability tests can be bypassed.
MFA is a security enhancement requiring users to present two different pieces of evidence when logging in to an account.
Your credentials fall into any of these three categories:
- 1. something you know (e.g. password or PIN)
- 2. something you have (e.g. smart card)
- 3. something you are (e.g. fingerprint).
Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.
You already use MFA (or two-factor authentication or 2FA) if you’ve:
- swiped your bank card at the ATM and then entered your PIN (personal ID number)
- logged into a website that sent one-time numeric code to your phone, which you then entered on the next screen to gain access to your account.
As a customer you have the assurance that you are logged into a secure environment to carry out your transactions. It’s as easy as that!
SECURE AND CONVENIENT AUTHENTICATION
So how do you get a high level of assurance to verify the identity of every user yet remain agile?
You need a secure access solution that won’t slow users down and can provide them with a common and convenient experience to any application, when accessing your products and services from any device.
Agile solutions that also meet strict security & compliance standards
We use Office 365 as it is verified to meet the requirements of security and compliance certification to Australian standards and throughout the world.
In addition, Office 365 gives you enterprise-grade user and admin controls to further secure your environment.
Microsoft has invested billions of dollars in cloud security, so people like you and me who are running small to medium businesses have convenient IT access and confidence of verifying the authenticity of our customers.
Security training on policy and procedures
While employees will always be a main concern, organisations have a growing need to provide third parties access. Contractors, partners and customers all need access, for a variety of reasons and all with different preferences and requirements.
Most cyberattacks begin by compromising an end user often via phishing attacks. Unfortunately, most organisations have not sufficiently trained their people to recognise or mitigate against potential risks. A recent report by Mimecast report showed that only 45% of organizations provide employees mandatory, formal cybersecurity training and that only one in four are not aware of common cyberthreats, such as phishing and ransomware. Even those organizations that require formal security training only do so sparingly: 6% conduct sessions monthly, 4% quarterly and 9% only when onboarding a new employee.
Essential 8 Mitigation Security Strategies Recorded Webinar
How alltasksIT can help
We have been trusted to help you with building your business, now let us help you protect your assets and everything you have so hard for. We can train your staff on proper IT use and provide you with the most reliable and effective controls to prevent an adversary from gaining access to a device or network.
We specialise in: