
RES-Q IT Services- LRGE MULTI FACTOR AUTHENTICATION (1)

Res-Q is an IT service provider in Perth that dedicates itself to providing top-of-the-line IT consultancy services to Claremont and the Western Suburbs.

Contact us now on (08) 6555 6500 or at sales@res-q.com.au!
Alternatively, you can visit us online at https://res-q.com.au


Presentation Transcript


  1. DON’T RISK IT! multi-factor authentication will save you MORE THAN JUST a headache ... LEARN MORE

  2. contents
     WHAT IS multi factor authentication | MFA: 3
     2 factor authentication | 2FA: 4
     case studies: 6-9
       MYOB - when 2fa fails: 6
       email security: 7-8
       tesla purchase: 9
     IS MFA GOING TO SOLVE ALL MY SECURITY PROBLEMS?: 10

  3. WHAT IS MULTI-FACTOR AUTHENTICATION?
     Multi-Factor Authentication (MFA) is when you use two or more methods other than your password to verify access to a resource such as an email account or an online portal. For example, most banks will send you a code via text or use a security token that generates random codes every so often to make sure your account and transactions are safe.
     Multi-Factor, as the name suggests, means you provide more than one security factor to secure access, such as:
     » Knowledge: You provide the system with the secret answer to the question you set up
     » Possession: You provide the code using another device you own
     » Inherence: You confirm your identity or transaction using Face, Voice or Fingerprint recognition

  4. 2-factor authentication: why is it important?
     The IT world is rapidly evolving. Just a few years ago, some customers demanded to have no passwords or the easiest way to access their computers. Having an extra layer of security does not just make you compliant, but also guarantees confidential data won’t end up in the hands of a cyber criminal. However, since we have seen unprecedented growth of cyber crime, adding another method other than the password to combat weak passwords, data breaches and phishing attacks was inevitable.
     2FA Examples
     2-Factor Authentication (2FA) is one added method to log in to your account other than your password. While it is usually enough to have just one extra step to identify and confirm your identity, some companies require more than just one extra step for verification purposes.
     A Password plus EITHER:
     » Text Message
     » Secure Token Code
     » Email Code confirmation

  5. CASE STUDIES
     – WHEN 2-FACTOR AUTHENTICATION FAILS
     – EMAIL SECURITY
     – TESLA PURCHASE
     Following are examples of potential security breaches due to a lack of multi-factor authentication protocols.
     “CYBER SECURITY IS MUCH MORE THAN A MATTER OF I.T.” STEPHANE NAPPO

  6. 01 case study: myob accounting software, when 2fA FAILS
     Issue
     This customer had set a 2-Factor Authentication password for MYOB accounting software; however, the email authorisation was configured on the same computer. The password was saved under Password Manager, and sign-in required the code sent via email on the same device. If a third party gains access to this computer, there is a risk of unauthorised access to sensitive business data.
     Solution
     1. Change the computer policy to lock the computer with a password after 10 minutes when idle.
     2. Change the second authentication method to an Authenticator App.
     3. Use the option below “Trust this device for 30 days” to allow MYOB to use the unique hardware ID as the second factor authentication to log in to the database.

  7. 02 case study: email security, phishing attack
     Issue
     Inadvertent provision of email address and password, with no MFA to deter remote access to emails.
     Situation
     Person A received an expected invoice from a business associate for a project they were working on, with a note: “Please update our bank details before making payment of this invoice”. Person A sent an acknowledgement email to the business associate. The invoice was paid. The account and project were closed.
     A month later Person A received a call from that business associate asking for payment. Person A called the IT company that happened to be next door to investigate a potential security breach.
     As it turned out, two weeks prior, the business associate received an email from a Person B with the following message:
     OneDrive Document > “Person B Name” you have a document to review XX/XX/XXXX
     Upon clicking on the link, they were presented with a website that looked like Microsoft. Without knowing, the business associate entered the email address and password. The password did not work.

  8. The business associate sent an email back to Person B stating that they were unable to access the document and forgot about it. As per the investigation, the “reply-to” email address of Person B was tampered with, and the reply was never delivered to the intended recipient.
     The email account of the business associate was later accessed from another country. This action is almost untraceable since the hackers mask their IP address using VPN tunnels. Since no MFA was enabled, the hacker accessed the email account using just the password and was able to read all the correspondence and project emails.
     The hacker created rules to delete emails received from Person A. As a result, the business associate never received the acknowledgement email sent by Person A.
     Solution
     This one is hard, since your account could be very well secured and your correspondence could still be compromised. Not every small business can afford to hire a professional company to do an IT audit of its systems and processes. However, there are steps you could take today to protect your data and emails from unauthorised access:
     1. Make sure you have DNS Protection in place. It could detect up to 99% of phishing links, preventing you from unknowingly passing your information to a hacker.
     2. Set up Multi-Factor Authentication for your business.
     3. If you pay someone via bank transfer, ensure there is a change request form sent via post or verified by a phone call to accounts receivable.
     4. Make sure you have Cyber Protection Insurance.
     5. Have your online data backed up. That includes your emails, DropBox storage, Google Drive and SharePoint sites.

  9. 03 case study: tesla purchase, unauthorised access to emails
     Issue
     The use of an email account that doesn’t support MFA, and giving unauthorised access to your personal computer.
     Situation
     Our customer found the Tesla car of their dreams. They placed an order on Tesla’s website and received an email confirmation for their order. Soon after, the customer received an email with the invoice from Tesla. The company allows customers to pay for the car using EFT or bank transfers. The customer paid the invoice and shortly afterwards called Tesla to confirm the delivery of the vehicle. To their surprise, they were advised that the payment had not been received.
     After a week of waiting, they suspected that there was a problem. After confirming the details, they realised that the invoice they received was not from Tesla but from someone who had maliciously accessed their free email account.
     Some time prior to this event, the customer had accepted help from a group of unknown people to assist with a Bitcoin purchase. The customer allowed remote access to their Apple Mac in what, in hindsight, was a scam.
     [Image: scam payment email]
     Solution
     There are steps you could take to protect yourself from this type of attack:
     1. DNS Protection can block remote access programs that are not allowed.
     2. If the email provider has no MFA enabled, make sure that your email password is not the same as your Internet Connection Authentication username and password.
     3. Move your emails to Microsoft or Google and enable Advanced Security such as MFA or 2FA. Disable access to Less Secure Apps.
     4. You can redirect your current emails to the new system.
     5. Never allow someone you have never met or heard of to access your computer.
     6. Lock your computer when not in use.

  10. will MULTI-FACTOR authentication solve all my security concerns?
     The same as the alarm system for your house or car, Multi-Factor Authentication provides an extra layer of protection that makes it more difficult for hackers to access your data and systems. As with your household, you must ensure the doors are always locked when you leave the house, but that does not mean it will keep the intruders out.
     As a simple guide, follow the triple “C” principles:
     » Compliant: Make sure your systems are up to date and all software updates are installed
     » Cautious: Whenever you suspect something is out of the ordinary, give your IT support a call
     » Calm: If there is an “ACT NOW” request, be calm. Don’t be coerced into doing what the scammers want you to do. Think it over. It doesn’t need to be acted on immediately.
     Staying alert and making sure you have the protocols in place will ensure you stay on top of the game. We prefer that our clients call or email us if they become suspicious of an email they received, rather than dealing with the consequences of a phishing attack.

  11. contact us to improve your cyber security (08) 6555 6500 | SALES@RES-Q.COM.AU
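
The pattern from the phishing case study (slides 7 and 8), a password-only sign-in from another country followed by an inbox rule that deletes mail from one sender, can be checked for in mailbox logs. This is an added example, not part of the original presentation; the record layout, field names, addresses, the `ZZ` country code and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

HOME_COUNTRY = "AU"            # assumption: where the owner normally signs in
WINDOW = timedelta(hours=24)   # assumption: rule created this soon after sign-in

# Constructed sample records; field names are illustrative, not a real export format.
SIGNINS = [
    {"user": "associate@example.com", "time": "2024-03-01T08:02:00", "country": "AU", "mfa": False},
    {"user": "associate@example.com", "time": "2024-03-14T23:41:00", "country": "ZZ", "mfa": False},
]
RULES = [
    {"user": "associate@example.com", "name": "Newsletters", "created": "2024-01-10T09:00:00",
     "from": ["news@example.org"], "action": "move"},
    {"user": "associate@example.com", "name": "Promo cleanup", "created": "2024-02-01T10:15:00",
     "from": ["promo@example.org"], "action": "delete"},
    {"user": "associate@example.com", "name": ".", "created": "2024-03-14T23:50:00",
     "from": ["person.a@example.net"], "action": "delete"},
]

def risky_signins(signins, home=HOME_COUNTRY):
    """Sign-ins from outside the home country that succeeded without MFA."""
    return [s for s in signins if s["country"] != home and not s["mfa"]]

def hiding_rules(rules):
    """Rules that silently delete mail from named senders."""
    return [r for r in rules if r["action"] == "delete" and r["from"]]

def correlate(rules, signins, window=WINDOW):
    """Pair each hiding rule with a risky sign-in by the same user shortly before it."""
    findings = []
    for rule in hiding_rules(rules):
        created = datetime.fromisoformat(rule["created"])
        for s in risky_signins(signins):
            gap = created - datetime.fromisoformat(s["time"])
            if s["user"] == rule["user"] and timedelta(0) <= gap <= window:
                findings.append({"user": rule["user"], "rule": rule["name"],
                                 "hidden_senders": rule["from"],
                                 "signin_country": s["country"],
                                 "minutes_after_signin": int(gap.total_seconds() // 60)})
    return findings

if __name__ == "__main__":
    for finding in correlate(RULES, SIGNINS):
        print(finding)
```

The older "Promo cleanup" delete rule is not reported because no risky sign-in precedes it; only the rule created minutes after the foreign password-only sign-in is flagged.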
