Going Beyond an App for MFA: Common Sense Internet Safety Lesson 8

Don’t trust any contact information in an email from a financial institution. Use information you already know is true. That is multi-factor authentication (MFA) at its core.

 

Let’s look at two scenarios again.

 

Scenario One: You’re an accounting manager. You receive an email from the CFO asking you to wire payment for an outstanding bill. You reply to confirm additional details, receive a response, and then wire out the funds.

 

Scenario Two: You’re a finance clerk within a company. A client emails you asking to wire funds to your account instead of writing a check. You use your accounting software to validate the need to wire instead of write a check. It’s a decent amount of money, so you decide to reach back out to them. You contact the client using the phone number documented in your accounting software and speak with them directly to confirm they want to wire funds.

 

Did the accounting manager and the finance clerk both perform MFA?

If you said No, you’re correct!

 

The accounting manager didn’t use a different factor to verify, but instead used the same email that was originally sent. Even if the accounting manager had called the number listed within the email, that still wouldn’t count as a different factor, because the number comes from the same message being verified.

 

The finance clerk used a different means to validate the information: the accounting software, which had been populated before the request arrived.

 

What are some different trusted factors?

Your previously bookmarked website, a business card, a mailed invoice, the number on your credit card, the number in your app, etc.

 

In the case of the accounting manager, a similar case occurred in the UK this year and the company sued her (1). Yes, that case was in the UK, but the US is following suit (pun intended).

 

So, make MFA a way of life, especially when it comes to large sums of money!

 

 

Stay tuned for more tips, or find more on the Corporate Information Technologies blog.

Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.


 

1 https://www.bbc.com/news/uk-scotland-glasgow-west-47135686