Multi-Factor Authentication

Making the Most of Multi-Factor Authentication

Introduction

The news stories are commonplace: Hackers steal or break passwords and gain access to a company's data, often causing huge financial losses to the company and creating potentially devastating impacts for people whose personal data was among that which was compromised. In fact, the average cost to corporations and other entities of a data breach continues to climb, reaching $6,156,540 USD in Q4 of (Navigant, p. 7).

Given the high costs attached to data breaches, is there a cost-effective and reliable method for reducing such breaches, or even possibly eliminating them altogether in your own organization? This white paper examines this question by first looking at ways in which data is breached before moving on to a discussion of authentication in general and multi-factor authentication in particular.

The average cost to corporations and other entities of a data breach continues to climb, reaching over $6 million by the end of 2012.

Once More Unto the Breach

The first step in figuring out how to prevent data breaches is to understand a little about the different attack vectors that data thieves use to get access to data. Such vectors include things like viruses, hacking, unauthorized access, loss and theft of physical devices, and improper disposal of data storage devices.

Viruses

Viruses are small computer programs that are installed onto a host computer or network by data thieves and other bad actors. Although the goal of installing a virus is not always the direct theft of data -- viruses are often used only to do things like send spam emails from the host computer, for example -- examples certainly exist of viruses that enable the attacker to completely control the host system and thus have complete access to all data stored in that system.

Hacking

Hacking (in the popular usage of the word; otherwise "cracking" is more correct) is an attempt to gain unauthorized access to a network or other resource by doing things such as trying to manually guess passwords, using software to quickly attempt to automatically guess multiple passwords over a short period of time, etc. Hacking or cracking is often made easier by the fact that people tend to be very unoriginal in their choice of passwords -- the password "password" has long been one of the first things a cracker will try when trying to compromise an account, for example.

Unauthorized Access

Unauthorized access generally occurs when personnel inside a company are able to access data to which they do not legitimately have permissions. This can happen when internal security controls are insufficient in terms of standard practice or scope, allowing people to see data for which they're not authorized, or even accidentally when, for example, a user who is so authorized forgets to log out of a terminal and thus leaves access for the next user to come along.

Loss, Theft and Improper Disposal

Similarly, loss, theft and improper disposal of devices containing data (backup tapes, hard drives, laptops, etc.) also can allow unauthorized access to data, particularly if it has not been encrypted -- as was the case with TD Bank, which late in 2012 announced that it had lost two database backup tapes containing unencrypted client data. (Bangor Daily News) Of course, there is no way to protect unencrypted data that's been lost -- but even if a lost device is password protected, it is still subject to cracking and decryption attempts if it falls into the wrong hands.

Proving Yourself

Quite obviously, if an unprotected device containing unencrypted data is lost the data must needs be considered as having been breached. But what about the other kinds of breaches we've discussed? What prevents, or attempts to prevent, successful hacking attempts or unauthorized access? We all know the simple answer to this: You authenticate by logging in with your username and password, you've proved who you are to the system, and you're allowed access to the appropriate resources.

There's a problem with that paradigm, though: As hackers have grown more sophisticated and computers have grown ever more powerful, passwords tend to be either easily guessed by the hackers or easily cracked by a computer. (Briggs) Since passwords are indeed subject to being compromised, is there a way, then, to make authenticating yourself to the system more foolproof?

Let's step back for a minute and consider again what authentication is: Proving your identity to the system. In the single-factor form of authentication that is the username/password model, you're proving yourself by telling the system something that only you are supposed to know: Your password. The trouble, as we've seen, is that as soon as someone else knows that password they look just like you to the system -- in fact, as far as the system is concerned, whoever knows your password is you.

The trouble with single-factor authentication: As far as the system is concerned, whoever knows your password is you.

It's Not Just What You Know

But are there other forms of authentication? Couldn't one authenticate to the system -- i.e., prove who they are -- by means other than something they know? What about using something they have? Or ultimately, perhaps, even something they are? In fact, requiring more than just "something you know" is at the heart of what multi-factor authentication is: It requires you to furnish not only something you know, but also something else -- the "something you have," for example.

Although its occurrence as something of a buzzword is relatively recent, multi-factor authentication has been around for a very long time -- and in actuality, it's safe to say that you've probably used multi-factor authentication many times in your life without even thinking about it. Consider, for example, using your debit card to withdraw cash from an ATM. Authenticating yourself to the ATM requires not just something you know -- your PIN -- but also something you have, since you are required to physically insert your card into the machine. Have a PIN but not the card? No cash for you. (ASPG, "Got multi-factor authentication?")

Of course, requiring the "something you are" factor in multi-factor authentication is the ultimate in security -- think retinal or fingerprint scans -- but such an approach is very often not practical other than in physical locations that require very high levels of security and access control. Data centers and server co-location facilities will typically have some sort of fingerprint scanning system or other "something you are" authentication system to enter their facilities -- but a corporation issuing all its users personal fingerprinting devices hooked up to local machines simply isn't feasible.

Putting It Into Action

With these basic understandings in place we can now look a little more carefully at ways in which multi-factor authentication can be put to use. We've already mentioned the classic use-case of ATM machines, and in fact this kind of multi-factor usage is viable for just about any scenario where a user might need to authenticate at some or all of various different locations.

Smartphones and other devices capable of receiving SMS or text messages are another way of enabling multi-factor authentication through the "something you have" factor. In this method, whenever a user attempts to take a certain action -- logging in from a location that the system doesn't recognize, for example -- a text message is sent to the user's phone containing a one-time PIN number that the user will enter to authenticate themselves. This method is quite common and is currently used by Google, Twitter, Facebook, Dropbox, and many others, and works because even if a user's password has been hacked the hacker is almost certainly not also in possession of the user's phone.

Text messages are another way of enabling multi-factor authentication -- a method used by Google, Twitter, Facebook, Dropbox and others.

Those big-name companies have taken the multi-factor step to improve their security and to help prevent data breaches because their size and popularity make them very big targets for hackers. But financial institutions and other organizations for whom a breach would be costly -- and again, remember that the average price of a data breach is now over $6 million -- should also be looking at ways in which they can up their multi-factor authentication game.

One corporate area stands out in this regard: Password resets. This is so because even if a hacker is unable to figure out a working password with which they are able to gain access to a system, they often still have one more longshot available to them: Hopping on the phone to a Help Desk and, pretending to be the user, asking for a password reset. It sounds improbable, or maybe even impossible -- and yet, in the high-profile case of Wired writer Mat Honan, that is exactly how hackers managed to get access to his iPhone, his MacBook, his Google Account, his iCloud account, and his Twitter account. (Honan)

Automatically Better

Having an automated password reset system goes a long way towards preventing that kind of a social engineering attack. Remember that Help Desk employees are human, too, and by and large they want to fulfill their mission of helping people -- which, as it turns out, largely involves performing password resets for users who phone in. With an automated system in place, bad actors (and in this case, hackers really are actors!) are unable to talk a Help Desk staff member into giving them a new password.

Furthermore, many current systems, instead of relying on "something you have" to authenticate against a lost password, fall back onto another form of "something you know": the challenge question-and-answer method. This method is, perhaps unsurprisingly, not very secure: People frequently either pick questions with answers that are often easily guessed ("What city were you born in" is a classic example) or else, as was the case with iCloud and Mat Honan, the authentication answer is public and easily found -- in Honan's case, it was the partial digits of a credit card number that were publicly displayed on Amazon.

Adding proper multi-factor authentication on top of automating the password reset system helps to lock your system down and to make unauthorized access even less likely. Given the proper toolset, putting multi-factor authentication into practice is also easily accomplished and highly cost-effective. The aforementioned phone messaging is a great way to implement it, given the ubiquity of phones capable of receiving an SMS message. Emails are another way to go for authenticating, but because they typically don't require a physical device to access -- there's no "something you have," in other words -- they should not generally be considered as secure as a phone or some other type of separate authenticating hardware.

Yet a further benefit of making a user's phone an authentication factor for password reset is the ease with which the entire password reset and synchronization model can be put into place. Instead of setting up the system by giving all users an initial default password to come and change, the users -- a good percentage of whom are likely never to come and change the default -- instead are tied in by their cell phone numbers, which obviously will be unique to each user and tied, again, to something that only they have -- allowing for automated, secure multi-factor authentication when the day comes that they need to reset their password.

Adding multi-factor authentication on top of automating the password reset system helps to lock your system down and to make unauthorized access even less likely.
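The automated, phone-based reset described above, sketched as an added example (it is not ASPG's product code and not part of the original paper): the one-time PIN goes only to the number enrolled in advance, is stored as a keyed hash, expires, and is invalidated after one use or three wrong guesses. The class and function names, the PIN length and lifetime, the send_sms callable and the sample phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

PIN_DIGITS = 6          # assumed PIN length
PIN_TTL_SECONDS = 300   # assumed lifetime: five minutes
MAX_ATTEMPTS = 3        # wrong guesses allowed before the PIN is discarded


@dataclass
class PendingReset:
    salt: bytes
    pin_digest: bytes
    expires_at: float
    attempts_left: int


class ResetPinService:
    """Issues and verifies one-time PINs for an automated password reset."""

    def __init__(self, enrolled_phones, send_sms, clock=time.time):
        self._phones = enrolled_phones  # username -> phone number enrolled in advance
        self._send_sms = send_sms       # callable(phone, text); the SMS gateway is assumed
        self._clock = clock
        self._pending = {}

    @staticmethod
    def _digest(salt, pin):
        # Keep only a keyed hash so the stored state never contains the PIN itself.
        return hmac.new(salt, pin.encode(), hashlib.sha256).digest()

    def request_reset(self, username):
        # The caller never supplies a destination: the PIN can only reach the
        # enrolled phone, so nobody can talk the system into using another number.
        phone = self._phones.get(username)
        if phone is None:
            return  # unknown user: nothing is sent and the caller learns nothing
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = PendingReset(
            salt, self._digest(salt, pin),
            self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS)
        self._send_sms(phone, f"Your password reset PIN is {pin}")

    def verify(self, username, pin):
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry.expires_at:
            del self._pending[username]
            return False
        entry.attempts_left -= 1
        ok = hmac.compare_digest(entry.pin_digest, self._digest(entry.salt, pin))
        if ok or entry.attempts_left == 0:
            del self._pending[username]  # single use, and no unlimited guessing
        return ok


def run_scenarios():
    """Exercise the service with a fake SMS outbox and a fake clock (constructed data)."""
    outbox, now = [], [1_000.0]
    svc = ResetPinService({"alice": "+1-555-0100"},
                          lambda phone, text: outbox.append((phone, text)),
                          clock=lambda: now[0])
    results = {}

    svc.request_reset("alice")
    pin = outbox[-1][1].split()[-1]
    results["correct_pin"] = svc.verify("alice", pin)
    results["replay"] = svc.verify("alice", pin)           # a used PIN is gone

    svc.request_reset("alice")
    pin = outbox[-1][1].split()[-1]
    wrong_value = (int(pin) + 1) % 10 ** PIN_DIGITS
    wrong = f"{wrong_value:0{PIN_DIGITS}d}"
    results["guessing"] = any(svc.verify("alice", wrong) for _ in range(MAX_ATTEMPTS))
    results["after_lockout"] = svc.verify("alice", pin)    # right PIN, but too late

    svc.request_reset("alice")
    pin = outbox[-1][1].split()[-1]
    now[0] += PIN_TTL_SECONDS + 1
    results["expired"] = svc.verify("alice", pin)

    sent_before = len(outbox)
    svc.request_reset("mallory")                           # not enrolled
    results["unknown_user_sms"] = len(outbox) - sent_before
    results["destinations"] = {phone for phone, _ in outbox}
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```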

Wrapping It Up

Data breaches are costly, and owing to chains of events (like laptops taken home that then are physically stolen, for example) are sometimes unavoidable. The rest of the time, though, data breaches might be entirely avoidable if a measure as simple and effective as multi-factor authentication were put into place. Relying on users not just for something they know, but also for something they have, is a sound practice that can spare businesses, universities, health care facilities, and other organizations at all levels untold amounts of loss to finances, time, data and reputation.

If you're looking for ways to make your organization's data safer, look into multi-factor authentication and the ways it can help you accomplish your security goals. If you have any further questions or would like to do more reading, feel free to check out the sources in the bibliography -- the articles by Jesse Briggs and Mat Honan are particularly interesting. You can also feel free, of course, to contact us at Advanced Software Products Group -- we've been in the data security business since 1986, and would be happy to answer any questions you have about multi-factor authentication, password reset systems, or any other security-related topic.

In the end, multi-factor authentication shouldn't just be something you've heard about: Make it something you know.

About Advanced Software Products Group

ASPG is an industry-leading software development company with IBM and Microsoft certifications, and for over 25 years has been producing award-winning software for data centers and mainframes, specializing in data security, storage administration, and systems productivity, providing solutions for a majority of the GLOBAL 1000 data centers. For more information about ASPG, please contact our sales team by phone at (Toll-Free) or (US/International), (fax) or at You can also visit the ASPG website at

Bibliography

Advanced Software Products Group (ASPG). (2013, May 14). Got multi-factor authentication? Retrieved 5/17/2013 at

Advanced Software Products Group (ASPG). (2013). Enterprise Password Reset Software ReACT ASPG. Retrieved 6/3/2013 from

Bangor Daily News. (October 10, 2012). TD Bank waits seven months to notify customers of security breach. Retrieved 5/26/2013 from com/2012/10/09/business/td-bank-notifies-customers-of-confidential-data-loss/.

Briggs, J. (2013, April 5). You're Doing Passwords Wrong. Retrieved 5/17/2013 from Wrong.

Honan, Mat. (2012, August 6). How Apple and Amazon Security Flaws Led to My Epic Hacking. Retrieved 6/3/2013 from apple-amazon-mat-honan-hacking/.

Navigant. (2013). Information Security & Data Breach Report, March 2013 Update. Retrieved 5/17/2013 from Disputes%20Investigations/DataBreach_March2013.ashx.


More information

Frequently Asked Questions (FAQ)

Frequently Asked Questions (FAQ) Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart

More information

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Frequently Asked Questions and Answers 2011 CardLogix Corporation. All rights reserved. This document contains information

More information

31 Ways To Make Your Computer System More Secure

31 Ways To Make Your Computer System More Secure 31 Ways To Make Your Computer System More Secure Copyright 2001 Denver Tax Software, Inc. 1. Move to more secure Microsoft Windows systems. Windows NT, 2000 and XP can be made more secure than Windows

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

BUSINESS COMPUTER SECURITY. aaa BUSINESS SECURITY SECURITY FOR LIFE

BUSINESS COMPUTER SECURITY. aaa BUSINESS SECURITY SECURITY FOR LIFE aaa BUSINESS SECURITY SECURITY FOR LIFE CHAPTER 1: WHY COMPUTER SECURITY IS IMPORTANT FOR YOUR BUSINESS No matter how big or small your business is, it s highly likely that you have some information stored

More information

White Paper: Are there Payment Threats Lurking in Your Hospital?

White Paper: Are there Payment Threats Lurking in Your Hospital? White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

MUSC Information Security Policy Compliance Checklist for System Owners Instructions

MUSC Information Security Policy Compliance Checklist for System Owners Instructions Instructions This checklist can be used to identify gaps in compliance with MUSC's information security policies and standards, which are published on the Web at http://www.musc.edu/security. Each of the

More information

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Multi-Factor Authentication FAQs

Multi-Factor Authentication FAQs General FAQs What is Multi-factor Authentication (MFA)? Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data. Specifically, it enhances the security of your

More information

MS ipad Acceptable Use Policy (AUP) 2015-2016

MS ipad Acceptable Use Policy (AUP) 2015-2016 Introduction Monte Vista provides network and technology resources to enrich the academic experience of students, faculty and staff. Our 1:1 ipad program is a natural extension of our mission to be a premiere

More information

Impact of Data Breaches

Impact of Data Breaches Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table

More information

Simple defence for your business

Simple defence for your business Simple defence for your business SECURITY Canon (UK) Ltd Woodhatch, Reigate Surrey RH2 8BF Telephone No: 08000 353535 Facsimile No: 01737 220022 www.canon.co.uk Canon Ireland Arena Road, Sandyford Industrial

More information

Small Business IT Basic Security Guide:

Small Business IT Basic Security Guide: Small Business IT Basic Security Guide: 20 Common-Sense Steps to Protect Your Network, Your Data, and Your Business Created by John Coleman Managing Director + Principal, 1123IT Version 1.1 (Fall 2014)

More information

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Protect Yourself. Who is asking? What information are they asking for? Why do they need it? Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

User Identity and Authentication

User Identity and Authentication User Identity and Authentication WordPress, 2FA, and Single Sign-On Isaac Potoczny-Jones ijones@tozny.com http://tozny.com About the Speaker Galois, Inc. - @galoisinc. Research & Development for computer

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

White Paper: Multi-Factor Authentication Platform

White Paper: Multi-Factor Authentication Platform White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all

More information

When life happens... Protect Against Identity Theft. Keeping personal information safe & what to do if it happens to you

When life happens... Protect Against Identity Theft. Keeping personal information safe & what to do if it happens to you When life happens... Protect Against Identity Theft Keeping personal information safe & what to do if it happens to you An Identity Theft Epidemic Identity theft is a huge business in the U.S. and around

More information

IDENTITY THEFT. Practical Tips to Do Your Best. David L. Haase November 21, 2015 OPCUG / PATACS

IDENTITY THEFT. Practical Tips to Do Your Best. David L. Haase November 21, 2015 OPCUG / PATACS IDENTITY THEFT Practical Tips to Do Your Best David L. Haase November 21, 2015 OPCUG / PATACS 1 Today s Agenda Who is This Guy? Are You a Target? I.D. Theft vs. Stalking What Do Thieves Target? Have a

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

The Cloud On A Clear Day. Neal Juern

The Cloud On A Clear Day. Neal Juern The Cloud On A Clear Day Neal Juern Alternate Titles The Cloud So what is it anyway? Why is it so cloudy? How To Keep Your Head Out What are the risks? Is it all just marketing fluff? What is The Cloud?

More information

HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY

HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY INSTEAD OF A SECURITY PROBLEM, ENDPOINTS BECOME PART OF THE SECURITY SOLUTION SUMMARY The internet and mobility have made enterprise

More information

What are the common online dangers?

What are the common online dangers? ONLINE SECURITY GUIDELINES Internet Banking is convenient and times saving. You can do remittances, place online deposit and other transactions through online banking with the convenience and privacy of

More information

Austin Peay State University

Austin Peay State University 1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade

More information

EVALUATION GUIDE. Evaluating a Self-Service Password Reset Tool. Usability. The password reality

EVALUATION GUIDE. Evaluating a Self-Service Password Reset Tool. Usability. The password reality EVALUATION GUIDE Evaluating a Self-Service Password Reset Tool This guide presents the criteria to consider when evaluating a self-service password reset solution and can be referenced for a new implementation

More information

Have you ever accessed

Have you ever accessed HIPAA and Your Mobile Devices Not taking the appropriate precautions can be very costly. 99 BY MARK TERRY Alexey Poprotskiy Dreamstime.com Have you ever accessed patient data offsite using a laptop computer,

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

A Security Survey of Strong Authentication Technologies

A Security Survey of Strong Authentication Technologies A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication

More information

2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE

2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE 2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE WHO ARE WE? 12 years of local Tech, Training and Website services Service the 4 areas of life Regularly

More information

Password Management Evaluation Guide for Businesses

Password Management Evaluation Guide for Businesses Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various

More information

IT Security DO s and DON Ts

IT Security DO s and DON Ts For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON

More information

STATE OF HAWAI I INFORMATION PRIVACY AND SECURITY COUNCIL

STATE OF HAWAI I INFORMATION PRIVACY AND SECURITY COUNCIL STATE OF HAWAI I INFORMATION PRIVACY AND SECURITY COUNCIL Category Security, Breach Title Breach Best Practices Document: IPSC2009-02 Revision: 2009.08.28-01 Posted URL: http://ipsc.hawaii.gov Status Under

More information

MAC OS 10.6 SNOW LEOPARD AND EXCHANGE SERVICES (MAIL, CALENDAR & ADDRESS BOOK)

MAC OS 10.6 SNOW LEOPARD AND EXCHANGE SERVICES (MAIL, CALENDAR & ADDRESS BOOK) M C T - I T & M C T - I T - D E V IT Support & Development in Maths, Computing and Technology MAC OS 10.6 SNOW LEOPARD AND EXCHANGE SERVICES (MAIL, CALENDAR & ADDRESS BOOK) JEFFERY LAY Last updated: Friday,

More information

MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security

MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security You re more connected, but more at risk too Enterprises are increasingly engaging with partners, contractors

More information

Unipass Identity User Guide & FAQ Document v1.1

Unipass Identity User Guide & FAQ Document v1.1 Unipass Identity User Guide & FAQ Document v1.1 Some background information regarding Unipass Identity and a summary of some of the most commonly asked questions relating to your Unipass Identity. UIdP

More information

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0 Flexible Identity Multi-Factor Authentication Tokenless authenticators guide version 1.0 Publication History Date Description Revision 2014.02.07 initial release 1.0 Copyright Orange Business Services

More information