Tag Archive for: Overhead

Grid Cards – MFA without the technical overhead


This is part four of our MFA blog series for Cybersecurity Awareness Month.

We already know the importance of multi-factor authentication (MFA) for securing user access to resources in a world where passwords are the single largest attack vector. A recent study found that 81% of hacking-related breaches leveraged stolen and/or weak passwords.

When thinking about MFA, many people automatically think of mobile push notifications, SMS one-time passcodes (OTP), and other mobile-centric authentication methods. But what about frontline or field employees who need access to critical resources and systems and either don’t have a mobile device or work where mobile devices are not allowed because of the sensitive nature of the data being accessed? Here are some scenarios where the use of mobile devices is not feasible:

  • Outsourced call centers with employees accessing systems connecting to sensitive data within your organization like customer PII.
  • Part-time customer service employees who handle critical customer data in order to provide a user with effective customer support.
  • Military field personnel who cannot use electronic forms of authentication due to the possibility of transmission interception.
  • Mobile emergency workers in emergency situations where it is not convenient or possible to carry mobile devices.

How do you enable MFA for these employees?

One way is to use physical keys such as FIDO keys. But these can prove too expensive and inefficient to support. Keys can be lost or damaged and have to be replaced. When employees quit or new employees join, the keys need to be wiped and reconfigured.

What are Grid cards and how do they work?

Grid cards are an easy-to-use and cost-effective way to provide MFA for users who cannot use mobile devices to log in to the required systems and applications. The Entrust Grid Card is a paper-based card that can be printed from a PDF file and contains a grid of rows and columns that consist of numbers and characters. As part of the MFA process, users are presented with a coordinate challenge and must respond with the information in the corresponding…


Airlock Allowlisting Solution Blocks Ransomware And Reduces Operational Overhead For IT And Cybersecurity Teams


Auckland, New Zealand – 24 March 2021: Australian cybersecurity pioneer Airlock Digital continues to enhance its industry-leading allowlisting solution to more effectively block malware, ransomware and zero-day attacks, help comply with cybersecurity standards, and reduce the allowlisting operational effort for IT and cybersecurity teams.

Allowlisting – also referred to as application whitelisting or application control – is documented in a number of government cybersecurity standards and/or regulations worldwide, including the ACSC Essential Eight Strategies to Mitigate Cyber Security Incidents, U.S. Top 10 Mitigations, NIST 800-171, CMMC, Center for Internet Security Basic Six, Canadian Top 10 IT Security Actions, and New Zealand Critical Controls.

Many cybersecurity solutions exist today that can block the execution of files on endpoint systems. Almost none offer the granular centralised control, the workflow support, or the operational flexibility required to cost-effectively support allowlisting in dynamic, enterprise computing environments.

“There are many security products that can allow or block files. That isn’t the challenge,” says Airlock Digital Co-Founder, David Cottingham. “The challenge is how you instrument the allowlisting process to operationalise pro-active security controls.”

Airlock reduces the support burden of allowlisting, utilising easy-to-use workflows that prevent disruption to users. If a required application is blocked, IT teams, including non-cybersecurity staff, can simply and easily grant permissions to users with a range of one-time password (OTP) options.

In addition to one-time use and mobile OTP, the latest Airlock version 4.7 release provides a new codeless self-service capability, helping to maintain user productivity without compromising on security. Codeless self-service allows privileged users to self-administer temporary access to applications and scripts restricted to the general user base.

“Codeless self-service aims to reduce friction and enables users to handle exceptions as quickly as possible, reducing…


Overhead projector vs. ceiling fan

So what do we have here?

First of all, I cannot vouch for the authenticity of this photograph. I received it via the Twitter account for YouHadOneJob, @_youhadonejob. There are several other versions floating around. It could be a fake.

[Image: projector vs ceiling fan]

But let’s assume it’s real. What could account for the decision of the projector installer?

Perhaps it could be that the projector needed to be installed a precise distance from the screen and therefore no other variable, such as proximity to the blades of a ceiling fan, could alter that requirement. In other words, the projector installer simply had no choice.


Network World Paul McNamara