Cybersecurity Awareness

Secure your accounts and your organization

Protecting your organization

October is Cybersecurity Awareness Month, and at FSi Strategies, keeping our clients safe is an essential part of our services.

As more business data is being accessed from locations outside of the traditional workplace, we continuously find ourselves in a more complex landscape of security and compliance challenges in our efforts to adapt to the requirements of hybrid workspaces and build proper defenses.

FSi Strategies employs a comprehensive, multi-layered approach in crafting security strategies. We implement multiple lines of defense, ensuring that if one layer is breached, other layers of protection are in place to prevent or minimize the impact on the business. Safeguarding user identities is a core part of our approach to security in the workplace, which makes robust verification mechanisms during the log-in process imperative.

In the digital realm, usernames and passwords serve as the primary gateway to our online identities and accounts across various domains, including social media, financial, medical, and business interactions. Our usernames are commonly acknowledged as representations of our online identities, while passwords serve as the key to accessing accounts. Unfortunately, verifying the authenticity of the individual behind an account is a challenging task.

Passwords are susceptible to easy compromise, and, by themselves, they are not enough to provide adequate identity verification.

It takes merely two seconds to crack a password containing seven characters including numbers, lowercase, and uppercase characters. Even an 8-character password with a similar level of complexity can be breached in about two minutes. When coupled with lenient password policies adopted by organizations and the prevalence of common insecure password creation habits, deducing a password becomes feasible without even resorting to sophisticated password cracking tools, techniques, or expertise. In addition, careless handling of passwords (scribbled on notes or shared through emails or chat conversations), combined with the lack of proper encryption measures, poses a significant threat.

Now more than ever, it’s imperative to incorporate an extra layer of identity verification during the log-in process. Entering your password is the first step in verifying who you are when logging into your account. However, if someone has managed to obtain your password, they can easily use it to log in as you. It’s important to add an additional factor at log-in, something that a malicious party cannot easily get their hands on to impersonate you. There are three fundamental authentication factors, and the goal is to require two or more at log-in to verify that you are who you say you are:

Knowledge-based

Something you know: a piece of information only you know such as a password.

Possession-based

Something you have: a separate and trusted device such as a personal phone.

Biometric-based

Something you are: a distinctive biometric trait such as a fingerprint or facial scan.

By instituting a mandatory multi-factor authentication process, you effectively eradicate the vulnerability of a single point of failure. This substantially bolsters your defense against compromise, even in situations where your password has been compromised. Incorporating multi-factor authentication should be a fundamental practice in fortifying your online accounts in order to protect your identity.

One might wonder, does this provide a comprehensive solution to all our challenges with account and identity compromises? The short answer is no; a single solution cannot comprehensively cover all the multifaceted areas we face. But it is vital to build a robust foundation brick by brick. It is also essential to recognize that as defensive strategies advance, so do the methods employed by those seeking to breach them. It remains imperative to maintain consistent security diligence daily. Even with multi-factor authentication activated, users can still fall victim to manipulation, whether due to “multi-factor authentication fatigue” or inattentiveness when approving MFA requests. Consistent user awareness and training exercises are essential as well. Choosing a strong second factor is also vital, with the Authenticator App preferred over phone-delivered codes for its enhanced resistance to unauthorized access.

The issues of user-friendliness and the pursuit of convenience also come into play when constructing solutions. Adapting behaviors can prove to be a demanding endeavor for everyone, and incorporating extra tasks into our already bustling lives can be a challenge. While multi-factor authentication boosts security, a more robust approach is adopting password-less methods, eliminating the need for passwords and relying on ‘what you possess’ and ‘who you are’ for authentication. This approach not only mitigates vulnerabilities but also streamlines the user experience, facilitating adherence to security compliance and minimizing potential human errors.

Contact us today to learn how we can help you leverage Modern Work technology to protect your organization from modern threats and secure your identity.