The privacy and security of our clients’ data and personal information are of the utmost importance to FGMK. With all of the data breaches that have occurred, it is important for us to ensure that we are doing all that we can to protect the sensitive information which resides in our systems. As an additional security precaution, FGMK implemented multi-factor authentication for its client portal on April 29, 2018. This is a security control that has been widely adopted by many organizations to ensure that there is an additional layer of security over sensitive information.
Multi-factor authentication is a method for granting access to online resources through the use of two or more pieces of evidence that are presented by the user before they are authorized for access to the system. Typically, this is done by requiring the user to first input their user ID and password, and then by sending the user another piece of information as a one-time passcode to a pre-determined location like their cell phone or email account. The user then enters that second piece of information into the application before they are granted access to the system. This method of authentication provides an extra layer of security because even if a hacker has gained access to the login credentials for the user, they will not typically have access to the user’s cell phone or email account and therefore will not be able to receive the required passcode for access to the system.
For the multi-factor authentication that will be implemented on the FGMK client portal, it is important to note that this authentication mechanism will be in effect every time one of these conditions occurs:
- Every time a user logs into the portal, unless they have checked the box that reads “Remember this device” at login.
- When logging in for the first time from a new device or a new web browser.
- When a user is going through the “Forgot Password” process.
- If the user is logging in more than 90 days after their previous login.
This type of security risk is important for everyone to consider in their own business environment. A common misconception is that data breaches only occur in certain types of industries and only in very large companies that collect personal information that is valuable to a hacker. Studies have shown that these types of breaches and other cybercrimes occur in businesses of all sizes and across all industry sectors. The reality is that hackers can monetize any personal information and most company data that they are able to obtain during their activities. It is imperative for all companies to appropriately consider this risk and ensure that only authorized individuals have access to their most sensitive data, including information related to their business activities, customers and employees. Companies should ensure that they are being vigilant in protecting their data by:
- Formalizing their risk management processes so that they can proactively identify and manage security risks that threaten the loss of data and system outages.
- Documenting policies and procedures to ensure that expectations are clearly defined and that there is an ability to have consistent execution of all control activities.
- Developing a comprehensive cybersecurity program to mitigate the risks of internal and external threats to IT security as well as data privacy and confidentiality.
- Undertaking regular evaluations of potential vulnerabilities and ensuring that appropriate plans are in place to remediate any issues that are identified.
- Raising user awareness of these types of security risks to ensure that users understand how to prevent their login credentials from being compromised.
If you have any questions about the implementation of the multi-factor authentication, or you would like to have a conversation about cybersecurity issues in your organization, please contact FGMK so that we can address your concerns.