An Open Letter to State and Local Officials — Is the Front Door Locked?
Dear Governors, Mayors, Legislators and County Officials,
Each day there are more and more stories about ransomware and threats to forthcoming elections. I'm sure it's already on your mind.. Congress frequently bemoans the inaction at the state and local level and warns about the dire consequences of further inaction. Yet, it’s not that simple. Yours is not a single enterprise of which any one entity has dominion over. To the contrary, it’s a loose federation of state and local agencies with divergent requirements, needs.
From the needs of a legislator, to a citizen, to a government employee accessing retirement information or a even first responder, there are various levels of access that need to happen quickly and securely without disrupting the business at hand. Multi-factor authentication (MFA) is a recommended solution by the federal government because it does exactly that.
Make no mistake about it, I am not suggesting that there is a single solution that can thwart all attempts. However, studies suggest that many of these attacks begin when user credentials are compromised. This is referenced in NASCIO’s recent report. One can make the simple comparison between cybersecurity and home security. Hackers are like burglars, they case the joint, they look for the open and easy paths first.
The first and most common things bad actors do is they go around the house wiggling doors and windows hoping they’ve been left ajar. That’s what phishing is. Consequently, start by locking the doors and windows. In cyber security, usernames and passwords are like windows and doors with insufficient locks — and the phish is the preferred lever of the attacker. Multi-Factor Authentication (MFA) provides a stronger lock. That's what we, here at Duo do.
A strong form of multi-factor authentication is as fundamental to "election security" and "enterprise security" as home locks are to your front door and windows. The stories of compromise from the last election and ransomware all started from the same open window — username and passwords were compromised and phished.
Our tagline at Duo is "democratizing security" because Duo MFA is easy to use, and easy to deploy. Through greater ease of deployment and simplicity, you get greater use and you reduce risk by locking down all the easy points of entry — like locking ALL your windows and ALL your doors at night.
Remember, much of the trouble during the last election was the distrust it created in our democratic institutions. Much of that distrust started because individual credentials were compromised. Consequently, it’s not so much inaction, but the inability to take holistic action. All the bad guy needs is one opening.