@ShahidNShah
Don’t be a 2-factor 'phushover'
So, what if I told you that I have observed, through security data, seeing upwards of 4% or more percent of your employees could be negating the value of MFA by accepting unsolicited push notifications – effectively allowing a malicious actor to bypass the controls offered by that second factor? Another aspect to push notification that provides an extra security perk is that the end user can detect and report on fraudulent unsolicited requests. How can we detect when someone implements an automation tool to always accept a 2FA push and/or help raise awareness for those users who are likely to accept unsolicited 2FA pushes? The answer is found in creating phushing awareness, or two-factor push phishing awareness. Create a positive awareness follow up to educate users and focus on getting them to report invalid pushes as fraudulent. Notify your security operations center and help desk before a phushing campaign, and space out the pushes so that there isn’t a huge impact on the help desk. While there are numerous options, the push Mobile out of band method is growing in popularity because it is generally more secure, more user friendly, and has feedback options for fraudulent reporting. Despite this, there remains vulnerability, thanks to clever folks who look to automate the push interaction and those users who simply accept unsolicited push requests. Fortunately, most MFA providers have the ability to integrate via API, which allows a security team to create a phushing tool that can send fake push notifications to their users to build awareness. This will give the security team the data needed to reduce the risk associated to push vulnerabilities.
Continue reading at healthcareitnews.com
Make faster decisions with community advice
- 'A little bit sci-fi': How robots can make a dent in nurses' workloads
- 5 recommendations for improving clinical communication
- Is Empathy The Key to Healthcare Collections in 2022?
- Therapeutic Alliance: Building Relationships With AI Therapy Chatbots
- Vital Start Health Launches Virtual Reality-Enabled Telemedicine Platform for Maternal Mental Health
Next Article
-
Is Empathy The Key to Healthcare Collections in 2022?
Moving into 2022, healthcare collections have the opportunity to connect with patients on a human level – treating the patient with humanity and empathy as is done within the four walls of the exam …
Posted Apr 18, 2022 Healthcare