Dan Griffin

Welcome to the 22nd edition of the JW Secure Informer, our bi-monthly newsletter. This is an opportunity to share what’s on our radar, specifically with respect to enterprise network security, but also regarding IT and business more generally.

The Informer is intended to be useful content and good for a quick read. So if it’s just clutter in your inbox, we’ve failed, and I hope you’ll let us know.

Protect Your Online Identity Using Your Phone

At JW Secure, we know that authenticating a user’s identity is a difficult problem in the face of continuously evolving attacks. Mobile devices create new barriers to securing Internet services because clumsy keyboards can make it inconvenient to enter complex passwords; mobile devices are more easily lost or stolen than desktop hardware; and mobile applications—including those that may have access to saved passwords—have proven difficult to vet. These factors expose user identities to additional risk.

But rather than view the proliferation of mobile devices as a problem, we see a solution. Mobile device authentication can serve as a catalyst to fix previous authentication methods that have been stuck in a losing battle with malware developers and thieves.

The cellular network of your mobile device lets you fortify the barriers faced by malware. You can use the cellular communication path to bind the user to a specific phone number, and the user-to-digits binding (or just having a specific SIM chip) can be reconfirmed as necessary during online transactions. This results in an exponential increase in the number of attempts an attacker must successfully make to get the same level of success.

Banks have been using phone numbers to reduce online fraud for years. The benefits of two-factor authentication are well known, but have been difficult to achieve in practice because of the expense in getting the second factor into the hands of users. However, companies such as Duo Security and PhoneFactor (recently acquired by Microsoft) allow any online service, small or large, to easily incorporate this capability.

Microsoft has recently re-launched PhoneFactor as Windows Azure Multi-Factor Authentication. Using Azure, when an online service requires two-factor authentication, the phone can provide the second factor in a variety of ways.

For more information, see our recent article, Identity Management: Use two-factor authentication to mitigate fraud. There we explain the threats mitigated by new technology, and how and when new threats are introduced. And we walk you through solutions using phone-based authentication in two different user scenarios: Web logon and Active Directory.

Business Continuity Tip

When Lightning Strikes

Summer is the peak season for one of the nation’s deadliest weather phenomena – lightning. In the United States, an average of 53 people are killed each year by lightning, and hundreds more are severely injured. Agility has assembled the following resources to help prepare both your employees and your business.

  • Lightning Safety – Educate employees, friends and family on the dangers associated with strong thunderstorms and lightning. Click here for helpful information on what you can do before, during and after the storm.
  • Lightning Protection System – Install a lightning protection system (otherwise known as a “lightning rod”) to protect your building and other assets.
  • Surge Protectors – To protect your electrical equipment, UL-listed surge arrestors should be installed on the main electrical service panel, as well as incoming phone, cable, satellite and data lines.