The privacy and security of our clients’ data and personal information are of the utmost importance to FGMK. With all of the data breaches that have occurred, it is important for us to ensure that we are doing all that we can to protect the sensitive information which resides in our systems. As an additional security precaution, FGMK implemented multi-factor authentication for its client portal on April 29, 2018. This is a security control that has been widely adopted by many organizations to ensure that there is an additional layer of security over sensitive information.
Multi-factor authentication is a method for granting access to online resources through the use of two or more pieces of evidence that are presented by the user before they are authorized for access to the system. Typically, this is done by requiring the user to first input their user ID and password, and then by sending the user another piece of information as a one-time passcode to a pre-determined location like their cell phone or email account. The user then enters that second piece of information into the application before they are granted access to the system. This method of authentication provides an extra layer of security because even if a hacker has gained access to the login credentials for the user, they will not typically have access to the user’s cell phone or email account and therefore will not be able to receive the required passcode for access to the system.
For the multi-factor authentication that will be implemented on the FGMK client portal, it is important to note that this authorization mechanism will be in effect every time one of these conditions occurs:
This type of security risk is important for everyone to consider in their own business environment. A common misconception is that data breaches only occur in certain types of industries and only in very large companies who collect personal information that is valuable to a hacker. Studies have shown that these types of breaches and other cybercrimes occur in business of all sizes and across all industry sectors. The reality is that hackers can monetize any personal information and most company data that they are able to obtain during their activities. It is imperative for all companies to appropriately consider this risk and ensure that only authorized individuals have access to their most sensitive data, including information related to their business activities, customers and employees. Companies should ensure that they are being vigilant in protecting their data by:
Formalizing their risk management processes so that they can proactively identify and manage security risks that threaten the loss of data and system outages.
If you have any questions about the implementation of the multi-factor authentication, or you would like to have a conversation about cybersecurity issues in your organization, please contact FGMK so that we can address your concerns.