How Local Government Can Reduce Cyber Security Risks

How Local Government Can Reduce Cyber Security Risks

Local government cyber security is facing a serious epidemic that threatens to drain funds, upend budgetary assumptions and leave communities without the services they have come to rely on. This epidemic is none other than cyber crime and the problem is growing worse with each passing year.

As the private industry beefs up its cyber defenses and employees become more cautious about clicking links and answering unsolicited phone calls, hackers have changed their tactics and targeted a new class of victims – local government.

The statistics speak for themselves.

Cyber Security Statistics for 2020

Unfortunately, government agencies are now the most frequently targeted organizations, suffering more than 15% of all cyber-attacks in 2020. Cyber criminals know that a successful cyber-attack on a local government will have an outsized impact, and that can increase the odds of a payout.

For example, when the city of Atlanta was targeted with a ransomware attack, millions of ordinary citizens were impacted for weeks while employees and IT experts struggled to bring their systems back online.

Ransomware in particular is an insidious problem and infections are spreading rapidly. In 2020 alone there has been a nearly 50% increase in the number of ransomware variants in the wild, making it difficult for non-IT experts to protect themselves and their systems.

Local government cyber security
In just the past year, cybercrime has affected a number of local communities including large cities, small towns and even unincorporated rural areas. No one, it seems, is immune from the dangers of cybercrime.

Aside from political upheaval and a global health crisis, 2020 also ushered in a new age of ransomware attacks aimed specifically at municipal governments already struggling under the weight of the COVID-19 pandemic.

Cyber Threats: Obstacles Local Government Organizations Face

Cyber criminals are well aware that local government organizations often lack the resources to fully protect themselves from known and emerging threats.

Some of the challenges municipal organizations face include:

  • Limited budgets and lack of funding: Local governments often lack the resources for a robust cyber defense which leaves them vulnerable to hacking and ransomware attacks.
  • Lack of IT expertise: Few local governments have dedicated IT staff in place to resolve vulnerabilities or offer security recommendations.
  • Insufficient cyber awareness: Municipal staff are skilled at what they do, but similar to the private sector, employees lack the training, knowledge and awareness to distinguish legitimate emails from phishing attempts.

Maintaining Personally Identifiable Information (PII) Compliance

While it is important for local governments to prevent losses, PII compliance is also a consideration.

  • Municipalities can be held liable when someone within their organization becomes aware of an issue and the organization fails to take action.
  • For local governments that accept credit card payments, PCI compliance is vital. Many municipalities fail to comply because they are unaware of how this type of compliance works and why it is so important.
  • Using a free email service like Hotmail or Gmail can put local governments at risk. If these email systems must be used, proper tracking technology is essential. Every piece of email that flows through the municipal system, no matter what the platform, must be carefully tracked and archived.
  • Care must be taken when publishing agendas, meeting minutes, resolutions and other information online so this information is freely available and accessible to the public.

The 3 Most Common Ransomware Attacks

The details surrounding cyber-attacks vary greatly which makes prevention particularly difficult since the game is always changing. Three of the most common ransomware to watch out for are Ryuk, CryptoLocker and Cryptowall.

Should You Pay the Ransom?

With any luck, your municipality will never suffer a ransomware attack, but if you do, like so many others, you’ll find yourself with an important decision to make.

Should you pay the ransom, or should you refuse the extortion attempt and work to rebuild your systems from backups and other available resources?

At first, paying the ransom may seem to be the path of least resistance, but there is no guarantee that payment will end your problems, or even get your files back. You are dealing with criminals after all.

Some hackers will destroy your data just because they can, even if the ransom is paid. Even if you do pay and get the decryption key, the attackers might only give you 80% of your data back – or perhaps nothing at all.


 

But consider this: paying the ransom may actually harm you more in the long run.

When you pay the ransom and get the decryption key, that key could actually contain a beacon that leaves what hackers call ‘breadcrumbs’.

These breadcrumbs identify you as a ‘known payer’ and basically flag you as an organization that is likely to pay the ransom a second time. Before you know it, a few months down the road they send out another piece of malware that searches for the beacon and they target you all over again.

Does Cyber Liability Insurance Help?

Even if you have cyber liability insurance, paying the ransom and filing a claim will drive up your premiums and hurt your budget in the process.

If you want to protect yourself and your citizens, we encourage you to contact Ontech Systems to assess your vulnerabilities and take appropriate action.

The Average Financial Loss

The results of cyber-attacks can be devastating for local governments and the communities they serve. A single cyber-attack can disable systems for weeks on end, leaving those who rely on local government services scrambling for assistance in an already trying time.

For local municipalities, the losses can be devastating. In the last few years, the average ransomware payment has nearly doubled, and that trend is only accelerating. Hackers go where the money is, so naturally this has led to a significant increase in ransomware attacks on local governments.

How Local Governments Can Prevent Cyber Attacks

In short, prevention is the key. Recovery from a ransomware attack or cyber breach can take months and cost millions of dollars, and no local government wants to be put in that position.

If you want to protect your local government organization from the growing danger of cyber-attacks, consider these 8 steps to get started.

1) Data Backup: Become Ransomware Proof

One of the best ways to guard against data loss in the event of a ransomware or cyber-attack is by creating a robust data backup plan.

2) Managed Security Services

Consider managed security to reduce risk and uncover potential vulnerabilities before they become serious threats. Ontech Managed Security includes a ransomware guarantee as long the solution is running on your network.

3) Take a Proactive Approach

Take a proactive approach to antivirus protection and systems patching, either through a managed IT service or on a regular basis manually.

Be prepared for future compliance regulations. More compliance is expected to be coming down the pipeline, so taking steps toward securing your network now can ensure you’re protected and not vulnerable to fines or violations down the road.

4) Regular Risk Assessments

Conduct a third party network security assessment. Ontech recommends regular network risk assessments every 1-2 years to maintain a secure local government network.

5) Clear Separation between Network Components

Confirm there is a clear separation between servers, networks and environments. Separating the various aspects of operations can be critical to mitigating damage should a cyber-attack occur.

6) Cyber Security Basics

Don’t overlook low cost solutions and cyber security basics to avoid potential threats. Some actions, like requiring strong passwords, security awareness training or limiting employee access require little to no investment. Use this cyber security checklist as your guide to protection and compliance.

7) Cyber Liability Insurance

Purchase cyber liability insurance to protect your organization, your employees and the people you serve.

8) HIPAA Compliance (Where Applicable)

If your local organization has a health department, ensure they are HIPAA compliant. HIPAA compliance is a big deal for local governments with dedicated health departments.

More Than Just Monetary Damage

In a growing number of cases, the perpetrators of ransomware attacks are now corrupting databases, erasing critical files and wreaking havoc on municipal networks, all while they await their ransomware payments.

The result is often millions of dollars in financial losses, along with thousands of invaluable, confidential records.

By the time the ransomware payments are received, often in untraceable virtual currencies like Bitcoin, extensive damage has already been done, and some of that damage may be irreversible.

For this reason, we always encourage local governments to take a proactive approach to fighting cybercrime. It is not enough to wait until the demand has been sent; mounting a robust cyber defense now is more important than ever before.

Whether you need assistance evaluating your network or you have questions about local government IT services in general, please feel free to reach out to our support team online or by phone at 262-522-8560.

6 Best Practices When Working from Home

6 Best Practices When Working from Home

The way people work has changed dramatically in recent months. As the coronavirus crisis raged on and lock downs went into effect, employees everywhere were sent home in droves.

Armed with their laptops and some rudimentary training, that new army of telecommuters were left to their own devices, forced to set up home offices, act as their own tech support and somehow protect the intellectual property of their employers. Is it any wonder targeted phishing attacks and ransomware demands came rolling in?

Cyber security awareness month

The simple answer is no, and now businesses are seeing the results. Now that the dust has settled, it’s time to revisit the best practices that can make working from home safer and more secure. And since October is Cyber Security Awareness Month, now is the perfect time to introduce and reinforce those lessons.

Best Practices for Working Remotely

Here are six best practices all home-based workers can follow to secure their data while working from home.

1) A Secure Internet Connection

When you work from home, you are entirely reliant on your internet connection, and the safety of the data you work with is only as good as the security of your connection. If you want to work safely at home, you need a secure internet connection that is safe from prying eyes.

Work from home employees should ideally use a virtual private network (VPN) or a LogMeIn product to connect to the company network. These products create a secure tunnel through the internet, protecting intellectual property and proprietary data from unauthorized access.

2) Control Access to Company-Owned Devices

Access control is critical for all home-based workers, but maintaining that control can be difficult. In office-based environments access control is relatively easy, but at home there are roommates, spouses and children to worry about.

It is important for businesses to secure the devices home-based workers will be using. They can build in automatic screen locks, robust passwords and other safety measures. Encrypting hard drives and changing from default passwords and multi-factor authentication are additional steps businesses can take to protect work related devices – regardless of what environment they are used in.

3) Determine the Access Devices Have to the Business Network

The devices your home-based workers use will obviously need access to both the internet and the company network, but the level of access they are granted matters a great deal. Allowing those devices too much access or a higher level of access than is absolutely necessary is extremely risky.

It is best to follow the principle of least possible access when it comes to connected employee devices. Workers in the accounting department, for instance, do not need access to files created by the marketing team.

4) Consider the Endpoint

Security for home-based workers is a multifaceted issue, and it demands a multifaceted approach. If you want to keep your workers and data secure, you need to make sure the endpoint is properly protected.

If you have adopted a bring your own device (BYOD) strategy for your remote workforce, you will need a plan to secure those devices, including applying updates and running antivirus and anti-malware software. If workers are using company-provided devices, you will need a plan to keep those devices secure and up to date as well.

5) Backup Your Data – and Test Your Backups

No matter where your workforce is located, it is critical to back up your company data on a regular basis. If you do not have a solid backup plan in place, you are living on borrowed time, and sending your workers home will make an already bad situation that much worse.

It is vital that you have a backup plan in place that includes daily backups, real time backups for your most vital files and ongoing testing of the backups you create. It is not enough to have those backups; if you want to protect your business, you need to know those backups are working the way they should.

6) Keep Business and Personal Devices Separate

When employees are working from home, there is a strong temptation to simply use the devices they already have. Some companies have reinforced this, drawn by anticipated cost savings and other supposed benefits. Even so, there are real reasons to keep business and personal devices separate, including enhanced security and a reduced risk of outside intrusion.

If you are looking for an easy way to enforce that separation, Maas 360 could be the answer. Maas 360 is a product designed to handle mobile devices and laptops, and once the solution is implemented you will know what is happening with everything installed on that device.

Whether your kids installed software for their online classes or your spouse downloaded a sports betting app, Maas 360 will make the appropriate adjustments.

A remote, home-based workforce can have a number of benefits for your company, but there are risks as well. Hackers are already targeting telecommuters with phishing attacks, and the problem is only expected to get worse.

If you want to protect yourself and your remote workforce, utilize these six best practices and contact us if you need guidance or support.

Ontech’s support team is standing by to ensure your workforce and IT network can remain secure during this challenging time. Call 262-522-8560 with questions or to get remote workforce support today.

9 Proven Ways to Secure Your Website

9 Proven Ways to Secure Your Website

With the hot topic that cybercrime has become today, you may have diligently followed our cyber security checklist and established a data backup plan, replaced outdated servers and engaged in security awareness training for employees.

But often times, an overlooked aspect of IT infrastructure is your website security. Quite often, business websites don’t reside on a local network, but instead at a third party managed hosting provider.

A common mistake is the assumption that by choosing a reliable hosting provider, your website is by extension secure.

Many modern-day websites are built using content management systems (CMS) like WordPress or Joomla.

But when it comes to software, a “set it and forget it” approach leaves your website vulnerable to security risks. Cybercriminals know that CMS installations like WordPress that make up about 37% of websites today.

Naturally, they constantly look for ways to exploit this. But regardless of what software or programming language your website utilizes, these security measures can help you enhance the security on your website. Here are nine proven ways to boost security on your website.

1) Use an SSL Certificate

The use of a SSL certificate creates a secure environment for both visitors and website owners. In technical terms, a SSL certificate is a small digital file that enables an encrypted connection. Without it, visitors run a higher risk of getting their data stolen. It’s similar to putting a letter in an envelope before mailing it.

If you want to know if your website is using an SSL certificate, just look at the URL; if you see a padlock icon in the browser bar, there is an SSL certificate installed successfully. If not, you either don’t have an SSL installed or there are unsecure elements on your page that are not referencing the secure URL.

2) Ensure Regular Backups are completed

Most web hosts include daily backups and in most cases, those backups take place on a daily basis. If you need more frequent backups, you can adopt an additional backup plan to keep your website and its content protected. If you frequently update your website, it’s a good idea to have more than one backup run on an hourly basis so you can quickly restore the website without losing your work.

3) Use Secure Usernames and Passwords

If your website is running on a CMS, one of the best ways to secure your website is by using strong usernames and passwords. Opting for a totally unique username rather than ‘admin’ can go a long way. Long and complex passwords that are changed frequently are best. This applies to your hosting account as well, but let’s not forget your domain provider.

Hackers have been known to target popular registrars like GoDaddy and once they gain access, they’ll redirect your website to another unscrupulous site without your knowledge. Many web hosts and registrars now offer multi-factor authentication for added security.

4) Delete Unnecessary Users

When a staff member is terminated, it might be easy to overlook all the areas of access they had as an employee. Your first thought might be to restrict their cloud access to important business documents, but if the employee had login access to the website (at any time), don’t forget to remove their user account.

Unscrupulous motives aside, if that staff member got in the bad habit of using the same login details over and over, this could present a huge security risk for your website. With just a little research, a hacker could compromise their email, trace it back to your business website and sell those credentials on the dark web!

This is why every business should have a process in place to remove employee access whenever a change in employment status takes place. Ideally removal of access should take place before the separation, but at the very least, access should be removed the minute the former employee walks out the door for the last time.

5) Exercise Precautions with Uploaded Files

There may be times when employees, customers and others will need to upload files to your website, but you should exercise extreme caution before allowing those uploads to go forward. Scanning potential uploads for viruses and other malware is essential, as is vetting the individuals and entities that plan to do the uploading.

It is important to have a formal plan in place that details things like who is allowed to upload files, what kinds of files can be uploaded and how those uploads can be monitored and secured.

Website development

6) Select Reputable Website Hosting

While it is possible to host your website on your own server, if you lack the capabilities for server maintenance and don’t want to outsource it, you could opt for an external web host. If you need a reliable hosting partner with an excellent reputation and robust security measures in place, contact Ontech Systems for a recommendation.

7) Install a Security Plugin

There are a variety of security solutions available on the market today that can enhance the security on your website. If your website runs on WordPress, consider installing a security plugin like Wordfence. Another option is a solution like Sucuri that offers security measures like website firewall, backups, DDoS protection, malware removal and more.

8) Keep Software and Plugins Up to Date

Installing software to protect your website and enhance security is only the first step. If you want to keep your website secure, updates should be installed as they become available. Many solutions have an auto-update option available since updates are released frequently to combat cyber threats.

9) Enable Spam Protection

Unsolicited emails containing infected links are one of the major cyber threatsthat businesses face today. All it takes is one click by a single employee to infiltrate the entire network if the proper security measures aren’t in place. Since many hacking attempts originate via unsolicited emails, solid spam protection is an absolute must.

If you want to keep your website protected, you can use strategies like Google recaptcha or plugins like Akismet for comment spam on WordPress. Securing your website can be tricky, but you don’t have to face it alone.

For over 8 years, Ontech has partnered with Net Success Marketing to provide our company and clients with a full spectrum of website design, development and digital marketing services.

Whether you need assistance migrating to a new web host or you want to enhance security on your website, we can provide you with guidance on all aspects of IT security to keep your business and website safe from cyber threats. Contact our support team today to get started.

Understanding the Dark Web: How to Protect Yourself

Understanding the Dark Web: How to Protect Yourself

Thanks to the COVID-19 pandemic, Zoom has gained some significant recognition and popularity in the past few months.

Remote workers are using software solutions like Microsoft Teams and Zoom to conduct meetings and keep in touch with coworkers. Since Zoom is free, along with the rise in popularity came little-known security implications.

cybercrime, hacking and technology concept - male hacker in dark room writing code or using computer virus program for cyber attack

Did you know, for instance, that a staggering amount of Zoom accounts were stolen, and these compromised accounts are now for sale on the dark web? This massive data theft impacted the email addresses and passwords of thousands of Zoom users, maybe even some at your company.

What is the Dark Web?

In simple terms, the dark web is the internet that exists underneath the commercial internet, a smorgasbord of anarchist websites, illegal drug sales, child pornography, illicit gun sales and everything else you can think of. In essence, if it is illegal, immoral or dangerous, it is probably for sale on the dark web.

Beyond the exploitation of the children and illegal arm sales, there are literally millions of stolen credentials for sale on the dark web like credit card numbers, bank accounts, email addresses, passwords and more. This personal information includes data harvested from data breaches and implanted malware, Social Security numbers stolen through phishing attacks and of course the Zoom accounts that were recently appropriated and put up for sale for less than a penny each.

If your company was part of the well-publicized Zoom breach, employee credentials could be waiting for a buyer on the dark web.

Is the Dark Web Illegal?

You might think that something as nefarious and clearly dangerous as the dark web would be illegal, but this is simply not the case. While many of the illegal activities that take place on the dark web, like the trading of certain sexually explicit images and the sale of mind-altering substances, are certainly illegal, the actual platform known as the dark web is not.

The reasons behind the legality of the dark web are complicated, involving subjects like free speech, free expression and the value of technology.

Shocking Statistics about the Dark Web

The statistics involving the dark web and the illicit sale of stolen information is staggering.

In one high profile case, more than $213 million dollars changed hands, facilitating the transfer of illegal drugs. The dark web site involved in those nefarious actions was known as Silk Road, a marketplace for illegal drugs and other contraband. One of the first forums of its kind, Silk Road brought together buyers and sellers from around the globe, functioning in much the same way as any other e-commerce site like eBay.

Fortunately, Silk Road was eventually brought down by authorities, shutting down in 2013, just two years after its inception. Unfortunately, there are plenty of other illegal marketplaces just like Silk Road, operating under the radar and trading illegal goods, stolen personal information and much more.

Since the takedown of Silk Road, federal agents have gained some ground, taking down another large marketplace called Alphabay in 2017. What once seemed like an endless string of dark net takedowns, is now looking like a brief window where marketplace technology outpaced law enforcement’s ability to track it. Today, federal agents have caught up – and based on the rate of successful takedowns, they’re making up for lost time.

What Can You Do to Protect Yourself and Your Business?

From deep scans, to targeted searches for information that may have been compromised, there are steps you can take to protect yourself from the dark web.

Dark Web Scans

If you suspect your data may have been compromised, a dark web scan can do a deep dive into the wilds of the dark web, looking for information concerning your business, employees and your data. These professional scans search for stolen credentials, sensitive business information, credit card numbers, and other data for sale on the dark web.

If your information has been compromised, you can take immediate steps to reduce the damage, including changing impacted passwords, closing unneeded accounts and beefing up security measures on your connected devices and company network.

Dark Web Monitoring

In addition to dark web scans, dark web monitoring can be incredibly helpful. Also known as cyber monitoring, dark web monitoring is an identity theft prevention solution that allows you to monitor your identity on the dark web. If your information is found, you will be notified immediately.

What To Do If You Suspect Your Information is on the Dark Web

The following steps are recommended in the event your data has been compromised.

  1. Change your passwords. Change all passwords associated with the dark web search, including credentials used at other sites. This is especially relevant if you tend to use the same password for multiple websites.
  2. Cancel stolen credit cards. Notify your credit card issuers immediately and let them know your number is for sale on the dark web. Doing so will limit your liability and reduce the financial fallout.
  3. Monitor your accounts carefully. Even if you shut down your accounts, some charges may have already been approved. Monitor your accounts and statements carefully and report any suspicious activity right away.
  4. Report the identity theft and freeze your credit. If your Social Security number is found on the dark web, you need to report the suspected identity theft right away and freeze your credit. Freezing your credit will prevent any new loans or credit cards from being issued.

If your organization has experienced a data breach or you need help conducting a dark web scan, Ontech Systems is here to help. Just contact us online or give us a call at 262-522-8560 and one of our experienced technicians will walk you through the process, from uncovering your information on the dark web to mitigating the damage and protecting your sensitive business data moving forward.

5 Cyber Threats to Watch out for in 2020

5 Cyber Threats to Watch out for in 2020

Source: Sophos 2020 Threat Report

In this day and age, cybersecurity is more important than ever. This year, we’re faced with many older threat strategies that have evolved and adapted to a new landscape and to new targets.

Without a doubt, cybersecurity threats continue to be a problem that can’t be addressed with a single, silver-bullet solution. No matter what size your business, a layered security approach has consistently proven to be the best way to guard against security threats – and that won’t be changing anytime soon.

These are the top cybersecurity threats we recommend companies watch out for in 2020.

1. Malicious COVID-19 email spam, malware and ransomware campaigns

Cyber criminals thrive in times of crisis. Watch out for phishing emails that are engineered to get you to click. In the event you do fall victim to a phishing email, you’ll unintentionally download malware onto your device and your company network. With the remote workforce on the rise, now is the time to be vigilant when it comes to cyber security.

When working remotely, it’s important to enable multi-factor authentication whenever possible. (Both on business and personal accounts). You’ll also want to ensure your internet router is up to date on antivirus protection and that you are using a secure connection.

As a business, it is essential to remind employees to use the same care they would with confidential information as they would if they were in the office.

Personal email should not be used at any time for business related work. Remind employees to shred any confidential information they may have printed on their home printer or avoid printing that information in the first place.

2. Ransomware remains a prominent malware threat

According to Datto’s “Global State of the Channel Ransomware Report”, below are some key statistics that indicate ransomware is one of the greatest threats we’re faced with in 2020.

  • In 2019, 85% of MSPs report ransomware as the most common malware threat to SMBs.
  • The average ransom requested by hackers is increasing. MSPs report the average requested ransom for SMBs is ~$5,900, up 37%, year-over-year.
  • Downtime costs are up by 200% year-over-year, and the cost of downtime is 23X greater than the average ransom requested in 2019.
  • 1 in 5 small businesses have fallen victim to a ransomware attack. On average, businesses who don’t outsource their IT services report facing more ransomware

Ransomware has been with us for quite some time and it is interesting to see how it has evolved.

According to SonicWall’s 2020 Cyber Threat Report, ransomware is now being used to target victims that are more likely to pay the ransom given the sensitive data they possess. In 2019, much of the 187.9 million ransomware attacks were targeted at state, provincial, and local governments in addition to educational institutions.

Learn about the best defense against ransomware and spoofing to protect your network today.

3. Phishing Attacks

According to statistics reported by Small Business Trends, 1 in every 99 emails is a phishing attack. This translates to 4.8 emails per employee throughout a 5 day work week. This is especially alarming considering one wrong click can take down your network without the proper security measures in place.

Phishing emails are one of the most effective tools in a cyber criminal’s “bag of tricks” because phishing has proven to be low cost with a high return. Hackers have developed sophisticated ways to trick victims into surrendering sensitive info such as login credentials, credit card details, and more. Phishing attacks are cheap, effective and easy for cyber criminals to pull off.

One of the best ways to guard against phishing attacks is by addressing users – the weakest link. Security awareness training can aid in helping employees learn how to spot a phishing email.

In addition, it pays dividends to evaluate employee privileges and ensure that each user has access to the bare minimum needed for them to fulfill their job. Learn about more phishing solutions to guard your network against this rising security threat today.

4. Distributed Denial of Service (DDoS) Attacks

While you might be unfamiliar with DDoS attacks, it is a type of cyber threat your IT professional should be well acquainted with. While the methodology of these attacks vary, denial of service attacks are designed to overwhelm network resources so your system can’t process legitimate traffic on your network.

DDoS attacks are often used as a type of distraction, frequently stopped and restarted in order to hide another attack in progress. While your IT technicians are busy addressing the DDoS distraction, the cybercriminal moves forward with their primary attack, similar to how a magician redirects his audience’s attention so they don’t notice how he performed the trick.

5. Internet of Things (IoT) Attacks Are Rising

In 2019, SonicWall reported a 5% increase in IoT malware, totaling 34.3 million attacks. And with a surge of new IoT devices connecting daily, they suggest increases in IoT malware attacks should not only be expected, but planned for.

If you’re not familiar with IoT devices, “internet of things” refers to Wi-Fi enabled devices like speakers, appliances, and alarm clocks. These devices are often overlooked when it comes to security making them easier to compromise.

To prevent this type of attack, it is critical to keep all firmware updated for IoT devices as updates often resolve exploits that were patched by the manufacturer.

There isn’t a “one size fits all” IT solution that is ideal to address DDoS attacks. It is best to contact your IT professional so they can evaluate your cybersecurity strategy as a whole, along with the threats you face, and the resources you have in place.

Contact Ontech’s support team if you notice any unusual activity with heavy server loads or any other type of unusual network behavior.

Our security technicians have extensive expertise in each of these threats and more. Call 262-522-8560 to discuss setting up a layered security strategy for your business. A quick 10 minute call is all it takes to see if we’re a good fit!

Why Do You Need Multi-Factor Authentication?

Why Do You Need Multi-Factor Authentication?

For years, a strong password has been the most basic form of protection for your online accounts, but today, it is no longer enough. In the age of security breaches, chances are good your credentials are among them.

If you truly want to protect yourself and your accounts, you need another layer of authentication. If you are not already using multi-factor authentication to verify your online identity, you may be on borrowed time with a false sense of security. By now, you may be wondering…

What is Multi-Factor Authentication (MFA) and Why Do I Need It?

Multi-factor authentication
Multi-factor authentication requires multiple verification steps.

Although you may not know it by name, you may already be familiar with multi-factor authentication. Many banks and financial institutions have been using MFA for years, favoring its inherent security advantages over the simpler user ID and password combination.

What Are Some Examples of Multi-Factor Authentication?

When multi-factor authentication is turned on, users must enter both their password and a second form of authentication. Depending on the business or institution, this additional authentication measure may be a phone call, an email or a text containing a code. But no matter what the process, access is not granted until that one-time code has been entered.

There are plenty of reasons to use multi-factor authentication, but among the most important is the additional protection it provides. With MFA, if a hacker obtains your login credentials or an identity thief purchases your information on the dark web, that data is useless without a special code.

The good news is multi-factor authentication is now available in a number of formats and platforms, including social media accounts, email and more. Many more organizations are now offering multi-factor authentication to their clients and customers, and in the age of rampant cyber breaches, that number is only expected to grow.

Microsoft and MFA

Software giant Microsoft is fully onboard with multi-factor authentication. The company now enforces MFA on all partner and administrator accounts.

Now that companies like Microsoft have adopted multi-factor authentication, this enhanced security verification has hit the mainstream. MFA is no longer confined to banks and brokerage firms; users are just as likely to encounter it on insurance accounts, email accounts and even social media profiles.

Single vs. Multi-Factor Authentication

Single-factor authentication requires only a username and a password, and while some sites require complicated passwords, others still allow simple credentials that are easy to guess and even easier to crack.

Multi-factor authentication adds an additional layer of security to online accounts, reducing the impact of stolen credentials and making the website far more secure. Even if a hacker has access to both your username and password, that individual will not be able to log on without the one-time MFA code.

With MFA turned on, the hacker would need physical access to the targeted individual’s smartphone or email account. It is this additional verification that makes multi-factor authentication so important, and that is why so many organizations have adopted the technology. If you have questions about securing your online accounts or your business security in general, contact Ontech’s support team online or by phone at 262-522-8560.