Wondering what is double authentication? Read on, because here we tell you what it is and why all the companies are implementing double authentication for computer security.
As a trusted IT company for SME in Barcelona, at INNOVAmee , we are facing the need to implement more demanding IT security processes to fight against new forms of cybercrime. A few weeks ago we were already talking about some types of computer attacks and two courses on cybersecurity and equipment review focused on companies and their workers.
One of the latest forms of cybercrime is based on phishing. You will say that identity theft is older than hunger and you are right. The novelty is that previously the crime was directly committed by the same stolen identity. Now, many times, what is sought is for a third party to make a mistake in favor of the cybercriminal. Anyway, double authentication is the key to avoid it.
Let’s see an example. We want to steal money from a company. Years ago, the company’s computer systems would have been frontally attacked, an identity and password stolen, and a transfer made in favor of the cybercriminal.
The first drawback is that the real person to whom he impersonates would immediately see that someone, posing as him, has performed an unwanted operation. Also companies nowadays have antivirus(Oh, please, tell me you have one installed). Therefore, you have to be more sophisticated.
One option would be, to bypass the company’s firewall, enter via advertisements from “trusted” pages that employees access. Out there inject malicious code and be able to access employee computers. With a little more work, hackers become familiar with how the company operates. To go unnoticed, they introduce operations into normal company processes. In our example, they could order the accounting department to make a payment to their own company.
This modus operandi allows criminals to go unnoticed longer. This helps them repeat blows and make money disappear. This is one of the three ways in which Denis K has robbed more than 1,000 million from different banks. In the end, he was caught in Alicante.
How to add more computer security to the company and its critical systems? With double authentication.
Double authentication is based on requesting the user to identify himself with an id and password that he knows, with another key or external element that he physically possesses. It can be an object such as an external flash drive, a coordinate card or an app on the mobile that generates keys; or a personal characteristic such as voice, fingerprint or biometric facial recognition.
This ensures that data theft (username and password) is not sufficient to access critical company services. A good analysis of the company’s computer systems, along with preventive maintenance, can protect confidential business data.
And finally, I leave you the link of a curious and entertaining Guide to rob a bank that exposed a Hacker. In it, he acknowledges that it was much easier for him because “They only used password authentication to access the application with which they connected to the SWIFT network.”
If you want to know more or think that your company needs a computer audit, check us out at INNOVAmee