Cybersecurity is essentially a regime to prevent unauthorized access. Authorized users are most commonly authenticated with a username and password. However, requiring only a password with a username for access is considered a weak protection control. It is weak because misappropriating the credentials is a simple matter, and once an unauthorized user holds them, the authentication fails to keep that user out.
The JP Morgan Breach
In July 2014, JP Morgan suffered a cyber-attack that apparently affected 76 million households and 7 million businesses. According to a NY Times article written on December 22, 2014, the breach was due to an overlooked server that had not been updated for security purposes. The article stated the following:
“Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.”
What is Two-Factor Authentication (2FA)?
Think of a password as the key that opens the lock. 2FA requires two keys. This means that in addition to a password, some other type of authentication factor is required, such as answering challenge questions, using a security token, or even a biometric (a unique biological characteristic) such as a fingerprint scan. A simple way to think of 2FA is that the second factor can be: (i) something you know (the answer to a challenge question), (ii) something about you (a fingerprint scan), or (iii) something you have or carry (a security token on your cell phone). 2FA is an economical way for smaller firms to implement reasonable protection controls as part of their overall cybersecurity program.
The Core Compliance Cybersecurity Action Plan
If cybersecurity is something that keeps you awake at night, Core Compliance is here to help. We’ve developed the “Core Compliance Cybersecurity Action Plan” which is a six-step plan designed to assist small and mid-size advisory and broker-dealer firms in better defending against cyber-attacks, both effectively and economically. To find out more, please contact us at (619) 278-0020 to schedule a consultation.