If you are a healthcare organization, we hope you’ll come by and see us at the Texas MGMA Annual Meeting in Dallas on April 24-26th! For details, go here. We sure hope to see you!
For the 7th year in a row, The Fulcrum Group has been recognized as a Digium Pinnacle Partner! This means we’ve been acknowledged as consistently putting our customers first while successfully growing revenues with the implementation and delivery of Digium’s Business Communications Solutions.
We’ll let you know about any additional upcoming special events through our social media pages, which we’ll update on our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us.
If you’re new to our newsletter and you’d like to subscribe, let us know.
What is Multi-Factor Authentication & Why You Need It
While cyber-attacks on organizations have become more complex over the years, basic attacks—such as email phishing— are still effective ways of gaining access to an organization’s sensitive and critical information. While many organizations deploy multiple layers of IT security to protect their systems and data against attack, those protective controls are nullified if an attacker can obtain a valid set of user credentials to the environment.
Multi-Factor Authentication has evolved as the single most effective control to insulate an organization against remote attacks and when implemented correctly, can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised.
What is Multi-Factor Authentication?
Multi-Factor Authentication is the process of identifying users by validating two or more “factors,” or characteristics that are unique to that user.
Three different characteristics are often used as factors in the authentication process:
Something you have
Something you are
Something you know
Common implementations of Multi-Factor Authentication include the “something you know” factor (i.e. password) and “something you have” (i.e. one-time passcode sent to your smartphone or provided via a token).
While authentication is the process by which a computer validates the identity of a user (i.e. username and password), Multi-Factor Authentication adds an additional layer of protection and security against one of the most common types of breach—compromised credentials.
Without the added layer of security through Multi-Factor Authentication, it is more difficult to truly verify that the user who accessed the system is who they say they are because passwords are still very easy to guess, crack, or steal.
What are the Benefits of Multi-Factor Authentication?
Implementing Multi-Factor Authentication for all users of an organization is one of the most effective ways to prevent unauthorized access to sensitive data. Multi-Factor Authentication, when implemented correctly, can be used to safeguard often overlooked points of authentication, such as email and business applications. Without this extra layer of protection, an attacker can exploit an exposed email account or compromise a poorly-protected application to gain access to additional user information—or even worse, use the compromise as a “foothold” to escalate privileges and gain superuser access to the entire environment.
An often-overlooked benefit of Multi-Factor Authentication is seen when cyber criminals attempt to authenticate to an account with Multi-Factor Authentication enabled, and the targeted employee receives the second authentication factor. The employee, if trained properly, should recognize the compromise and report it to his or her IT department for resolution and further prevention.
Overview of Duo Multi-Factor Authentication
Duo Multi-Factor Authentication is cloud-based Multi-Factor Authentication service that adds a second layer of security to your Windows Active Directory and online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.
How It Works
Enter username and password as usual
Use your phone to verify your identity
Securely logged in
Once you’ve enrolled in Duo you’re ready to go: You’ll login as usual with your username and password, and then use your device to verify that it’s you. Your administrator can set up the system to do this via SMS, voice call, one-time passcode, the Duo Mobile smartphone app, and so on.
No mobile phone? You can also use a landline or tablet, or ask your administrator for a hardware token. Duo lets you link multiple devices to your account, so you can use your mobile phone and a landline, a landline and a hardware token, two different mobile devices, etc.
Why Do I Need This?
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account.
Multi-Factor Authentication adds a second layer of security, keeping your account secure even if your password is compromised. With Duo Push, you’ll be alerted right away (on your phone) if someone is trying to log in as you.
This second factor of authentication is separate and independent from your username and password — Duo never sees your password.
Cell Phones & Landlines
If you have any questions or would like more information about Duo Multi-Factor Authentication solutions, please feel free to reach out to your Fulcrum Group Account Manager.
Cybersecurity SPOTlight: Field Guide to PII
What is PII and why is it so important to your organization’s cybersecurity posture?
PII, or personally identifiable information, is sensitive data that could be used to identify, contact, or locate an individual, such as home addresses, personal email addresses, national ID numbers, credit card numbers, and personal phone numbers.
Our PII is necessary to acquire some goods and services, such as medical care and utilities, personally. In the wrong hands, PII leads to identity theft and other forms of fraud. Professionally, we may store PII of customers, clients, vendors, contractors, employees, and partners. If left unprotected, our organization could face steep fines and our reputation could be severely damaged.
Protecting the private data of our clients, customers, partners, and co-workers is not only a responsibility we all share, but should be part of your bigger, overall security plan.
Outsource your IT support to the Fulcrum Group for improved performance and “no worry” computing. While many technology issues can be handled remotely, we complement our remote support tools with the personal touch of regular onsite visits, to better stay in synch with our clients and better uncover ways to improve the business.