Prevent security breach if credentials are stolen

December 10, 2014

The headlines for 2014 were full of incidents involving stolen credentials. One of the bigger headlines involved a Russian crime ring that amassed over 1.2 billion credentials involving more than 420,000 websites. Also this year, we have seen announcements from Apple, Google, eBay, and others, all involving compromised credentials. It should come as no surprise that Verizon’s 2014 DBIR (Data Breach Investigations Report) concluded that weak or stolen credentials were involved in several known breaches. The lesson we should learn from this is simple: usernames and passwords alone are not good enough!

So how can you prevent a corporate security breach if your credentials are stolen? If your business deploys any form of authenticated remote access (VPNs, e-mail access, intranets, cloud access, etc.), two-factor authentication should be a requirement for those technologies. Two-factor authentication identifies users by two different components, typically drawn from something the user knows, something the user is, or something the user possesses. Username and password combinations are considered something the user knows. This is where many organizations end their authentication requirements, which opens the door to stolen credentials being used to access corporate assets. Requiring another form of authentication greatly reduces the risk associated with stolen credentials.

Several options exist for adding another method of authentication to a corporation’s remote access requirements. Examples of what a user possesses include tokens or smart phones, while voice or fingerprints would be considered something the user is. Some options involve upfront hardware and software costs, while others are cloud-based, requiring minimal upfront investment but with recurring fees. If only a username and password separate your business from the world, two-factor authentication can reduce your risks.

For more information on RSM’s technology and security offerings please check out our website. You can also contact RSM’s technology consulting professionals at 800.274.3978 or email us.

Scott leads the national network and unified communication solutions team, which encompasses network cyber-defense technologies, transport systems and unified communication platforms. Prior to joining RSM in 2003, Scott worked for a software company as a senior network engineer, where he was responsible for the design and implementation of data and voice networks to support financial transactions in excess of $1 million every minute and up to 800,000 online traders. Scott also has an extensive background in network design and architecture. He has designed infrastructures to support both front and back-office financial transactions with a variety of firms. Scott has great discipline in the field of network documentation and operational procedures. He has created web-based systems to capture network-based move, add and change requests, and a live documentation management system. He also has detailed experience in the implementation of network monitoring and management tools from a variety of vendors. In order to accommodate government regulation of financial-based networks, Scott has designed networks for five nines of availability. During his employment with a software company, the core network designed by Scott was able to switch all 800,000 users and over a dozen back-end connections to a remote recovery facility in less than three minutes. Switching services to the remote facility was performed once per month to assure clients of the business continuance plan.
