Once again, high-profile hacking is in the news.
Accounting firm and security advisor Deloitte was breached last month by unnamed hackers, who compromised an administrator account and used it to access one of Deloitte’s Microsoft Azure accounts. So far, at least six of its clients have been informed that data including usernames, passwords, IP addresses, architectural diagrams and health information was accessed by the hackers. Deloitte is still reviewing the breach and contacting affected parties.
A question many are asking is “How did such a large company with so much experience in cybersecurity get breached?” The answer is simple: “They didn’t have two-factor authentication.”
Two-factor authentication is a tool used for added security when it comes to important accounts. The name comes from using two factors to log into an account: your usual password and a separate factor such as a cell phone message, remote fob, or biometric data like a fingerprint. In general, using multiple steps to log in is referred to as “Multi-Factor Authentication” or MFA. With MFA enabled, even when a hacker manages to discover your password, they still can’t access your account without also having your other factor, like your phone. Deloitte didn’t use it on one of its administrator accounts, and as a result the hacker merely needed to get one password in order to gain the keys to the kingdom.
Increasingly, two-factor authentication is being considered a basic security step, and we here at TechGen highly recommend all of our clients look into MFA solutions.
- Microsoft has step-by-step instructions for setting up MFA for Office 365. You can read those here.
- Another good password solution, LastPass, also supports MFA. Specific instructions are here.
We would be happy to help you set up MFA for your important accounts; if you are interested, please let us know.