Recent events highlight the critical role played by hardware security keys.
Your online accounts may be vulnerable even if you use codes on your phone to secure them. MFA (Multi Factor Authentication) failed at 130 SaaS (Software as a Service) and software companies in August 2022.
MFA failed because hackers broke into services used for MFA verification. Then they hacked the 130 downstream companies using stolen credentials.
How Did They Do It?
They sent phishing texts, aka smishing (SMS phishing), that linked to fake "password reset" pages that mimicked real vendor webpages.
The criminals planned and executed cascading attacks through multiple vendors, earning the grudging respect of security analysts.
What can you do?
Two things. First of all, understand that there is no perfect defense against hackers. They can and will break through antivirus defenses and firewalls; however...
... you can catch thieves after they break in. With Huntress, an EDR (Endpoint Detection and Response) service, even small firms and solos can have Enterprise-level technology and expert teams on their side. While we cannot stop every break-in, we can catch the thieves in the act.
Secondly, a hardware security key can stop break-ins cold. Thieves can't steal your hardware key, such as Yubikey, from anyone in the supply chain.
We use Yubikey and other defenses to protect our backup and cybersecurity services. You would do well to double-lock your treasures, too!
Questions? Call me at 952.922.1120 or email me at: info@securemyfirm.com