MCP Insights

If You Do Nothing Else, Implement Multifactor Authentication to Head Off Cyberattacks

Posted on May 28, 2020 by Mike Beagles

MCP’s NetInform solution leverages a variety of tools that enable our subject-matter experts to assess our clients’ communications network security postures. That assessment includes looking for vulnerabilities that could allow a bad actor to gain access to the network and then navigate through it, seeking opportunities to perform cyberattacks. Typically, a lot of vulnerabilities exist, and they’re not always easy to see. It can be something as simple as a network port left open by a service technician after the work is done, or a former employee’s account that is still active long after they left. This is problematic because numerous easy-to-use scanning programs are readily available to hackers, enabling them to probe an organization’s network to discover every open port, i.e., breach point, and attempt access.

But more likely, vulnerabilities are created by weaknesses in the client’s network security policies.

Policies are simply rules that determine who is allowed into the network or its systems, and how that access is granted. Authentication occurs at device and user levels. Regarding the former, an example of a weak device security policy would be one under which any system plugged into a switch or connected to a Wi-Fi network without a password is still assigned an Internet Protocol (IP) address and granted access to the network.

The Most Common and Glaring Weakness

One of the most common and glaring weaknesses we encounter concerns user authentication policies. Though it might seem beyond the realm of plausibility, we do come across clients now and then that still do not require passwords to access their network. More common is that they use passwords that are quite simple and very easy to guess, e.g., “password,” “qwerty” and “123456.” Last year, the United Kingdom’s National Cyber Security Centre performed an analysis and found that 23.2 million breached accounts had used “123456” for a password. All a bad actor would need in this scenario is a username—anyone’s username—and they would be inside the network in no time, often within seconds. Indeed, one of the quickest and most impactful ways to help mitigate attacks is to have a password policy in place that requires complexity and regular password changes several times a year.

Businesses of every kind, but especially public safety agencies, should be using, at the very least, passwords that contain a combination of upper- and lower-case letters, numerals, punctuation symbols and special characters—the longer and more complex the better.

An even better approach involves multifactor authentication. This tactic focuses on things that the user knows and things that the user has. For example, a user would know his username and password, but also might be asked a challenge question, the answer to which only he knows. A fingerprint scan would be an example of something the user has. So too would be a randomly generated, one-time code that the network transmitted to his smartphone or to a security device known as a key fob. Either way, the user would need to input the code before network access is granted.     

Other Frequent Mistakes to Watch For

Here are a few other common mistakes that we see in our travels:

  • Sometimes the client’s password policies are adequate, even good, but they are not enforced
  • User training is inadequate for the public safety environment; this is a huge factor in so many phishing attacks being successful. Untrained, less savvy personnel have a greater tendency to open emails and click on attachments that look real but are not. They also tend to write passwords on notes that are easily visible—by them and everyone around them—and plug nonsecure flash drives from outside the agency into their computers, which then unleash all sorts of viruses and malware
  • Network security policies are not updated often enough, or at all
  • No disaster-recovery plans exist to enable the agency to recover from a cyberattack
  • Accounts for workers who have left the agency are not terminated quickly enough, or at all. Known as “stale” accounts, they are particularly dangerous in situations where the separation was not amicable. However, it is well known in the hacker community that most usernames closely resemble the person’s name, e.g., first initial, last name, and so on. It won’t take a hacker long to work through the permutations and penetrate the network, especially if the worker was using a simple password
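One way to catch the stale accounts described in the last item, as an added example that is not part of MCP's tooling: cross-check a directory export against the HR roster. The CSV column names, the 90-day idle threshold and all sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: an HR roster export and a directory account export.
HR_ROSTER_CSV = """employee_id,name,status,separation_date
1001,Alice Ramos,active,
1002,Brian Cole,separated,2020-01-15
1003,Dana Whitfield,active,
"""
ACCOUNTS_CSV = """username,employee_id,enabled,last_login
aramos,1001,true,2020-05-20
bcole,1002,true,2020-01-14
dwhitfield,1003,true,2019-11-02
svc_radio,,true,2020-05-27
tvendor,1004,true,2020-03-01
"""


def find_stale_accounts(roster_csv, accounts_csv, today, max_idle_days=90):
    """Return (username, reason) pairs for enabled accounts that need review."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled, nothing to do
        person = roster.get(acct["employee_id"])
        last = acct["last_login"]
        if not acct["employee_id"]:
            reason = "no owner on record"
        elif person is None:
            reason = "owner not in HR roster"
        elif person["status"] == "separated":
            reason = f"owner separated {person['separation_date']}"
        elif not last or date.fromisoformat(last) < cutoff:
            reason = f"no login since {last or 'account creation'}"
        else:
            continue
        findings.append((acct["username"], reason))
    return findings


if __name__ == "__main__":
    today = date(2020, 5, 28)
    for username, reason in find_stale_accounts(HR_ROSTER_CSV, ACCOUNTS_CSV, today):
        print(f"{username}: {reason}")
```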

Cyberattacks are nothing to take lightly. They can cause networks and systems to crash, which in the case of a public safety agency’s 911 system would be disastrous. They can lead to tens of thousands of dollars in ransomware payouts to restore encrypted data. MCP’s NetInform assessment solution is designed to identify where our clients are most vulnerable from a network security perspective—the proverbial holes in the dike. Please reach out.
