Cast your memory back to just before the 2016 US election. Remember John Podesta? He was the campaign organizer for Hillary Clinton who fell for a sophisticated phishing email and inadvertently gave his credentials to nefarious actors. On March 19, 2015, John got an email that looked like it was from Google, which “notified” him that the password on his Gmail account had been compromised.
John, like many people, was convinced by this email and used the link within it to “change his password.”
In doing so, John had given the other side an advantage. They sat in his mailbox watching and waiting for the right opportunity to use the information to help promote their desired candidate. We all know who that candidate was, right?
Now what does this have to do with two-factor authentication, or 2FA?
Let’s paint a picture. Imagine Mr. Podesta had 2FA turned on within his Gmail settings and when these quasi-villains had tried to access his account, Google had sent him a text code to confirm that it was really him trying to log in. John would have immediately known something was up, denied the login, and a boatload of critical “oppo research” would have stayed with its owner. Our scheming villains would not have been able to time the release of this information so as to embarrass Mr. Podesta’s candidate, and perhaps history would have played out differently.
Email is a very old technology at this point in the world of internet stuff. Protecting the authentication methods for it is important for every organization. 2FA, or multi-factor authentication, is one of the best methods of making sure your data stays protected.
Hackers typically stay in a compromised mailbox for some time before choosing how to act on the information gathered. Sometimes, they’ll monitor an accounting mailbox, looking for correspondence about accounts payable or receivables. Eventually, they’ll send an email to customers or vendors telling them to change payment accounts so that all payments are redirected to the attackers instead of to you.
If Mr. Podesta’s story has swayed you a little, and you think it may be time to have this conversation about your infrastructure, give us a call. We can help.