Over the last few weeks, we have focused on authentication, progressing through an overview of Multi-Factor Authentication (MFA) and the most used type of MFA, the one-time password (OTP). Today we will review some of the most common delivery methods for OTPs. Regardless of which OTP authentication method you use, choosing an OTP generator like an authenticator app or key fob is a safer way to use MFA/OTP than, say, SMS texting. Cyber criminals have found ways to intercept SMS codes, whether through SIM card fraud, by accessing an iCloud or Google account tied to your messaging, or by sending you an infected link that allows them to take control of your phone remotely and view your messages directly on your device. While SMS-based MFA might be better than no MFA at all, it is a lot less secure than using a hardware/physical key code generator like a key fob (which we reviewed in our last blog) or having an authenticator app on your mobile device.
The evolution of multi-factor authentication (MFA) is like the progression from the rotary phone to the first mobile phones and then to the smartphones we use today. The ever-changing landscape of threats and best practices has led to constant innovation in authentication. The MFA we have today is vastly different from that of the ’90s, when the earliest form of two-factor authentication (2FA) was invented and patented by AT&T. 2FA is just as the name implies: in addition to a password, an additional factor of authentication must be used to ensure the user's identity. This is especially true when it comes to your personal information (PII) or your organization’s proprietary information (PI). As we all know, a password is only as strong as the person using it, and to remember a password a user may tend to make it something easy like password123! or write it down and stick it to the back of their keyboard. This makes the idea of adding a second form of authentication very appealing, as it could drastically decrease the risks associated with weak password policies and poor security practices. In fact, this has been proven to be highly effective at stopping cyber attacks using username and password combinations.
Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.
In the IT industry, many terms are used when discussing authentication. Some of the most common are multi-factor authentication (MFA), two-factor authentication (2FA), time-based one-time password (TOTP), one-time password (OTP) and more. It is important to understand that there are dependencies and differences among these terms. For example, two-factor authentication (2FA) is a subset of multi-factor authentication (MFA) because it requires more than 1 form of authentication, i.e., 2FA is under the MFA umbrella. Additionally, there are multiple types of 2FA/MFA, such as one-time password (OTP). Lastly, there are variations of OTP methods like TOTP, HOTP, etc. Therefore, all of the above would be considered multi-factor authentication. Your authentication method(s) can thwart would-be attackers. It seems like all too often we hear about a different company falling victim to a cyberattack (some of which are massive enterprise corporations/conglomerates). In this blog we take a look at the various methods of authentication available to protect your business.
File transfer protocol has been around for decades. But FTP as originally conceived was not necessarily a secure way to transfer files between two parties. Things are different today. Organizations that need a secure protocol for transferring files have access to plenty of FTP alternatives that can get the job done. In this post, we will walk through your secure FTP alternatives, and we will also provide guidance on how to set up a secure FTP system for your business. If you have any questions about secure FTP, you can always reach out to us to learn more.
Cybersecurity threats exist all around us, no matter what industries we may work in. The organizations that emphasize computer security best practices are the ones that will succeed at preventing threats from becoming realities. Training in computer security isn’t always handled properly, though. To ensure that your organization is staying safe from cybersecurity threats, here’s a look at computer security best practices for fighting internal and external threats, as well as best practices for keeping data safe from former employees.
Large enterprises operating in the cloud need compliant and secure environments for transferring sensitive files: files that include personal information, proprietary information, HIPAA-protected information, information related to national defense, plus more. These large corporations might have the expertise, but typically don’t have the time needed to build and secure their own file-sharing systems. In-house team members are typically being pulled in a multitude of directions by other business units, which is what makes enterprise FTP solutions and platforms so attractive. Enterprise FTP solutions can provide the high number of concurrent connections, plentiful user licenses and large amounts of storage that large businesses require. What specifically should you be looking for in enterprise FTP solutions? Here's a 7-point checklist of must-haves for large companies exploring file transfer solutions.
Corporate servers are loaded with sensitive information. If this information falls into the wrong hands, it could lead to regulatory violations, breach-related liability and even embarrassing headlines. An ecosystem of frameworks and protocols has grown out of the need for secure data storage and sharing. FTPS is one of those protocols used to protect data in transit. But how does FTPS work? And what makes it different from other file-sharing protocols? We’ll address those questions and others below. Continue reading to learn more about your options for secure file storage and sharing, and get in touch with the FTP Today team to ask questions or talk about your organization’s specific file-sharing needs.
In late summer 1996, the President of the United States signed into law the Health Insurance Portability and Accountability Act. This law today is better known by its acronym — HIPAA. HIPAA is designed to protect the private and personal information of healthcare patients, including “diagnosis, treatment information, medical test results, and prescription information.” While HIPAA is no doubt an essential law for protecting patients and their health-related information, it does create a burden for companies and other organizations that store and transfer files that contain HIPAA-protected information. See below for more information on HIPAA-compliant online file sharing.
All organizations store and share files and data that are sensitive on some level. Health care is the No. 1 industry for storing and sharing sensitive files, followed closely by the legal industry — which makes secure file sharing for law firms a priority that too often goes overlooked. The volume of sensitive information handled by law firms (this includes both corporate information and sensitive data related to tax returns) makes the legal industry a major target for hackers. This calls for strict policies around how that information can be stored and shared digitally. Bloomberg reports that more than 80% of the top 1,000 law firms in the world had sustained a recent data breach. That’s bad news for firms – and their clients. Breaches can be costly, not just because of ransomware payouts but also due to the damage to a company's reputation that emerges from a breach. The good news is that tools exist to make secure file sharing for law firms a reality.
In the modern age, cybersecurity has become a serious priority for organizations operating in both the public and private sectors. Government entities prioritize cybersecurity to prevent foreign actors and third parties from accessing state secrets. Corporations and other businesses prioritize cybersecurity to prevent ransomware, the loss of proprietary information and trade secrets, and generally to secure any information and files they store and share. What is SOC 2 and where does it fit within the emerging cybersecurity universe that’s growing more important with each passing year? SOC, an acronym for “System and Organization Controls,” is a cybersecurity risk management reporting framework that includes different levels for different types of organizations — SOC 2 is the second level of the framework designed for service providers. The SOC framework and SOC 2 requirements for service providers have become a universally accepted standard for securing information, data and files. At FTP Today, we are SOC 2 certified with the GOVFTP Cloud in scope. This is one of the best ways to ensure we’re securing our users’ data and files while minimizing the risk of outside threats. See below for more details on the SOC framework, on SOC 2 compliance, plus what it means for your organization.