In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account. That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.
Continuous security monitoring has become the new norm for employers as they battle today's growing cyber security threats. Not only do they have to worry about threats from the outside, they have to be concerned about internal risk from employees as well. With so much to do in IT security already, how can employers alleviate some of the burdens? Working with EiQ Networks is an optimal way to resolve your company's IT security concerns because we have the right people, process, and technology in place to make it happen.
EiQ has been a longstanding provider to the government departments and agencies. We know that many government agencies and divisions are working on overtime to meet fundamental security standards outlined in the DISA’s Security Technical Implementation Guides (STIGs), NIST Special Publication 800-53, 8500.2, and AR25.2. There’s no wonder why. A combination of insufficient or long-awaiting funding, political bickering, lack of clarity in the guidance and the lack of a real timeline for implementation has caused a lot of confusion and waste in time and money. There is also so much hype around new technologies that will protect from the latest threat. Just considering what’s in the market now is full time job takes time and attention away from basic infrastructure management. Every week a new firewall, anti-malware, anti-spam, APT, AV, IPS promise to mitigate risk, thwart attack.