According to the World Trade Report, it takes hackers 4 minutes to get into servers through email attacks. And that it takes an average of 286 days to detect a security breach and an additional 80 days to repair the damage. Enhance Security with Windows and Office.
Enhance your security and go modern with Windows 10 and Microsoft 365 Business. Check out this infographic for more industry trends and see how you can protect your company against external threats and leaks with Windows 10 and Microsoft 365 Business security and compliance tools built into your devices.
On another note, Microsoft last week made the case for moving away from SMS-based authentication in Multi-Factor Authentication (MFA) schemes, citing its insecurity.
“It’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms,” Microsoft’s Alex Weinert writes. “These mechanisms are based on publicly-switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages. Plan your move to passwordless strong [authentication] now – the authenticator app provides an immediate and evolving option.”
Use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1 percent of the general population.
SMS-based authentication, he says, is transmitted in the clear, meaning that it can’t be encrypted and “can be intercepted by anyone who can get access to the switching network or within the radio range of a device.” They are easy to socially engineer, enabling an SMS form of a phishing attack in which users can unknowingly give hackers the information they need to access user accounts. And thanks to the unreliability of mobile networks, they’re unreliable, and you won’t be informed if an authentication attempt fails.
For most users on their mobile devices, we believe the right answer is app-based authentication. For us, that means the Microsoft Authenticator. The Authenticator uses encrypted communication, allowing bi-directional communication on authentication status.
Don’t let hackers access your data. Contact us at Penntech IT Solutions to #GetModern today!