Why Aren’t We Taking This Simple Step to Prevent Ransomware?
When you access your bank account or other sensitive information online, you enter your password and then, usually, a verification code that has been texted to your phone.
But there’s one place where Americans don’t experience that second step often enough: logging in to their work computers and email accounts.
And that needs to become as routine as using a seat belt.
Ransomware, which worms its way in via phony emails or stolen passwords, shut down a major gas pipeline this year. No company is ever totally immune, but the best defense is a very affordable piece of technology called multi-factor authentication.
Microsoft describes it as an added layer of protection designed to ensure that you're the only person who can access your account, even if someone knows your password.
With multi-factor authentication, you have to provide two pieces of information when you sign in — the password and often a verification code that's sent to another of your trusted devices, like your cell phone.
So your password alone is no longer enough to get into your account. An attacker would need access to your phone, too, which dramatically improves the security of your information.
It’s like a seat belt for your company or your most precious data.
In the early 1980s, only 14 percent of Americans regularly wore seat belts, even though federal regulators had required them to be installed in cars starting in 1968.
The History Channel last year told the story of how Americans dropped their resistance. In 1985, then-Transportation Secretary Elizabeth Dole issued a rule requiring automakers to install passive restraints, such as airbags, in all new cars unless two-thirds of states passed mandatory seat belt laws by April 1989.
History reported: “Dole’s rule was so politically adroit because it looked like a regulation, but was really a gift to the auto industry. Cars already had seat belts, so all Detroit had to do was convince states to pass mandatory seat belt laws and it was off the hook for installing expensive airbags or automatic belts.”
In the end, the automakers had to do both—because some states resisted being told what to do. Today, only New Hampshire doesn’t have a mandatory seat belt law for adults.
In the world of cybersecurity, we’re still in the mid-’80s. And we’re in the middle of a growing public safety crisis.
According to The New Yorker, by 2015, the United States was subjected to a thousand ransomware attacks per day; by the following year, that number had quadrupled, the FBI estimated. By 2020, the average ransom payment topped $200,000; a majority of companies pay up.
It is time to nudge or compel companies to install two-factor authentication on all of their systems.
For users, it requires just a few extra clicks. So I say: Click it or ticket.
Chandra Brown is the CEO of MxD, the nation’s digital manufacturing institute, which is home to the National Center for Cybersecurity in Manufacturing. She previously was Deputy Assistant Secretary of Commerce for Manufacturing at the U.S. Department of Commerce.