This episode talks about the Multifactor Authentication along with UK Business Cyber Resilience and International efforts to make being online safer.
For more information visit the NCSC’s guidance on multi-factor authentication visit:
· Multi-factor authentication for online services – https://www.ncsc.gov.uk/guidance/multifactor-authentication-online-services
· Setting up two-factor authentication (2FA)
· Turn on two-factor authentication – Social Media, Banking & Email https://www.ncsc.gov.uk/cyberaware/home#section_4
After listening to this podcast please visit Action Fraud, Take Five, National Cyber Security Centre and the West Midlands Cyber Protect Websites for more guidance on all things relating to online Security.
Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team part of the Regional Organised Crime Unit for the West Midlands.
Also covering the West Midlands is Sean Long – WMPDigitalPCSO, Warwickshire and West Mercia is James Squire - cyberpcso and Staffordshire Police area is Mathew Hough-Clews and can be found at sp_digitalpcso.
To contact us please email us at [email protected].
Hello and welcome, my name is Patrick and I'm a detective and cyber protect officer from the West Midlands Regional Cybercrime Unit.
Today's date is Friday, the fourth of August 2020, and these are your cyber threat weekly headlines. Multi Factor Authentication is an extremely useful way of preventing others from accessing your valuable accounts. Research has shown that UK businesses are not at the same level as their global peers when it comes to cybersecurity resilience. On a positive note, UK has joined its allies jointly producing advice and guidance documents for those who conduct business and live their lives online.
We're going to start off today by talking about Multi Factor Authentication, also known as two factor authentication. The use of MFA and 2FA is becoming increasingly common. However, it's worth bearing in mind that a lot of the websites don't require it as a default. So when you create your password and your username, please bear this in mind and make efforts to clarify whether the site that you're creating the account for and or regularly accessing after you've heard this podcast, have this facility? Because if they do, I strongly recommend that you implement it.
So what is MFA 2FA? Well, in short, it's a way of double checking, the person who is accessing an account is the true account holder. So I appreciate that anyone listening to this might think, well, I certainly don't want anybody else accessing my account. So I would like to make it as secure as possible. Two factor authentication is the way to do this. So in the physical world, somebody comes to a location where they've restricted access, they will be checked, they work there, for example, there'll be checked yes you work here. But also they'll have some identification of some sort. It's a bit different online, of course. So we find that it's a good approach to have multi factor authentication, two factor authentication. So a second layer of security, a way of double checking, like I've mentioned. The benefits of double checking somebody identity is quite clear. And to put this into perspective, you can just say to yourself, well, if you have something which is really important to you, and obviously you want it to secure, then you put a lock on it, so it is fairly secure. However, sitting right there in your grasp, is the ability to put a second lock, make it more secure. would you do this? I think most people would say yes. And if that is a yes, I think it highlights the clear requirement, the benefits of Multi Factor Authentication, 2FA. Good example of Multi Factor Authentication is when you go to a cash point machine, or ATM, and you put the card in. So you've produced something that you have, but it's not going to give you any money until you you produce something such as a pin, because this is something you know. So there we are, we've got two factor authentication there. To look at this in a slightly different way, on a website, on your laptop, you've got the ability to obviously input a password, and a username. And there is a way that you can have something physically in your possession, which does resemble a USB memory stick that you can plug into your laptop that can then authenticate your identification.
So we've talked about what you have, and what you know, that is Multi Factor Authentication. But another way of adding a layer of security is where you are more to the point where you are not. So two examples of this could be you draw out some money in London genuinely. So you go off and enjoy your day in London. And then 45 minutes later, there is an attempt to access your bank account in Glasgow, your banks are most likely going to restrict that withdrawal because they think well hang on a minute, 45 minutes London to Glasgow, so they would probably think well, this is not right. So they would hold off and clarify that it is in fact you. Another way of implementing where you are as a factor of authentication would be you or the platform or website that you're accessing, restricting access unless you are in a specific place.
A fourth type of authentication would be what you are. So what I mean is you're accessing a website, which has Multi Factor Authentication. And you have the facility to be able to implement a fingerprint scanner, a retina scanner. Or even voice recognition as a layer of security authentication.
So how do we set up Multi Factor Authentication, the most common type used is you're on the web, you're making a transaction, you have no choice because the websites insisted, one time code, you get a text message with a 6,7, 8 digit code. And then at the point of transaction, you put this code in, which will only probably last sometimes 10 minutes, sometimes an hour, but it has a time limit on it so it can be reused.
The other very common form of two FA MFA on your smartphone, you download an app. So an example of setting up would be you download the application. And then what it does is at the point of setting up 2FA, you have to scan a QR code, you scan the QR code, and then it remembers that say amazon.com was scanned and now from now on your application comes up as amazon.com. Now of roughly around every 30 seconds, it gets refreshed and you have a different code. So whenever you're going online to make a purchase, and it asks you for the code from your App that you've got in place which authenticates your transaction to be you.
So to summarise, multi factor authentication will significantly improve security of all your accounts. As a bit of a revision. There's four main types, which is what you have, so its your bank card or a USB memory stick looking security device. It is what you know, which is a password or a pin, what you are a retina scan or fingerprint scan, or voice recognition and also where you are or more to the point where you are not.
In other news, researchers found that UK companies are above average more likely to be targeted by hackers. It was found one in five UK companies were in danger of being targeted when compared to their global peers, it was found to be one in ten. The research conducted spoke to 4644 business executives, and a common theme that was found was unfortunately a lack of collaboration within the business community, as a lot of the attempted hacks were via third parties.
Also, the UK has joined its allies in jointly creating advice and guidance on how to stay safe online. The UK has joined up with the United States, Canada, Australia and New Zealand to produce quality advice and guidance for people conducting business and living their lives online.
For additional guidance, please visit the National Cyber Security Centre (NCSC), Action Fraud and the Take Five campaign websites. Also please do not hesitate to contact us with regard to training, advice and guidance on how to protect and prepare yourself or your business online.