1/20/2024 0 Comments Duo mfa outageSince the user would be aware of the password theft, they could reach out to IT for assistance. With MFA, the attacker could steal the password, but they couldn’t answer the MFA prompt provided by Cisco Duo. Also, the end user would be alerted to the theft of their password by the MFA prompt appearing on their phone. This is where an attacker could jump from workstation to workstation, or even a server until they access the data that they seek. If that employee doesn’t have access to sensitive information, with their credentials, the attacker could breach their workstation and begin the process of island hopping. Without reviewing the email, nor regarding how that they typically obtain voicemails via email, the user clicks a link to open the voicemail. They are delivered to a website which offers to allow them to review the message if they enter their email address and password. Depending on the individual and their position in the city, they may have direct access to sensitive information. The email claims to contain a voice mail message. With MFA (multi-factor authentication), the screen would time out, and even if the employee had their password in plain sight, the attacker wouldn’t be able to answer the MFA prompt provided by Cisco Duo. The attacker steals personally identifiable information with the plan to commit identity theft. That individual has walked away from their PC and gone to a meeting. An individual walks in off the street wearing a North State shirt and carrying a clipboard in an effort to blend in. They walk into an individual’s office that has a privileged level of access to Lawson.Employment records (Social security numbers, Bank and Routing numbers, Health insurance ID number, Personally Indefinable Information, etc.)Īs an employee of the City of High Point, it is our duty to protect this information. Bad actors – both local and abroad – pose a threat to this data. Here are examples:.Payment information (card holder transactions by the Library, Parks and Recreation, High Point Transportation, Customer Service, etc.).Utility records (payment history, utility use data, outage records, etc.).Public Safety data (Criminal/Arrest Records, Arson Records, Recorded calls to 911 dispatch and all call records entered into CAD, etc.).Examples of the data collected include but are not limited to: These will provide transparency to the level of information collected by Duo in which City IT will have access to. However, before describing those documents, we’ll describe why multi-factor authentication is important to the City of High Point and why it will become a job requirement. As a local municipality we collect and store various data regarding citizens, employees, and those that choose to conduct business in the city. At the bottom of this article, you will find a couple of PDF captures from a user’s profile in the Cisco Duo console. There are many concerns regarding privacy and the Department of IT Services wants to assure users that the Cisco Duo Mobile App is not an invasion of privacy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |