While best practice security policies and technology help to better secure an enterprise’s critical systems and data,  the added disruption, inconvenience, and effort required by this stepped-up security often create real headaches and bad feelings toward the new policies and technologies.

This is described as a “general hatred of security,” by Mike Pinch, the chief information security officer at University of Rochester Medical Center (URMC), in a presentation to the URMC Security Council.

Bring-your-own-device (BYOD) policies are now a necessity for universities and colleges across the country. In Part 1 of this series, we covered the positives and negatives of BYOD, as well as the security implications of such policies. In this post, we’ll go over how to easily implement secure BYOD using a modern identity and access management (IAM) platform.

Gone are the days of your employees working a standard nine to five from within company walls. Today, employees often work remotely—from different devices and at all hours of the day.

If you’re active with any online service, then you have probably gone through the process of SMS two-step verification, in which a company or app texts a one-time code to your phone as a way to verify you are who you say you are in order to access the service or reset a password. But have you ever stopped to consider how secure this method truly is?

As businesses onboard more mobile and remote employees, partners, contractors, and other external users, the volume of people needing access to critical systems and data grows exponentially. And while this increased connectivity provides tremendous operational and productivity benefits, it also creates new attack vectors for intruders and cybercriminals.

In enterprises around the globe, it’s becoming increasingly clear that implementing mandatory password changes is no longer considered best practice for securing key systems and data.

Of course, we’ve long known that passwords are a weak link in the security chain. Eighty percent of hacking-related breaches in 2017 leveraged either stolen passwords and/or weak or guessable passwords, according to the latest Verizon Data Breach Investigations Report.

Another year, another Verizon Data Breach Investigations Report (DBIR), another depressing look into the state of global cybersecurity preparedness.  

What happens when stolen personally identifiable information (PII) is made public? Recently, the Federal Trade Commission (FTC) attempted to answer this question by designing and conducting a study to track the use of stolen information.

Now that we’ve built a base knowledge of multi factor authentication (MFA) and discussed the reasons why your organization might need and benefit from it, it’s time to talk about what to take into consideration when selecting and implementing an MFA solution.

A recent report, Cyber Criminals, College Credentials, and the Dark Web from Digital Citizens Alliance (DCA), confirms what has long been feared: The problem of hackers stealing the usernames, passwords, and personal information of students and faculty from colleges and universities and selling this information on the dark web is greater than most realized.