FoxPointe Security Hub

What is Remote User Identity?

This article was written by James Farr, Consulting Manager & Jack Hunter, Intern.

Multi-Factor Authentication (MFA) is a comprehensive approach to authenticating users, relying on two or more credentials to verify an individual’s identity. Typically, these credentials are chosen to be:

  • Something you know (e.g., a memorized password)
  • Something you have (e.g., a physical access badge or smartphone)
  • Something you are (e.g., a biometric identifier like a fingerprint)

In today’s digital landscape, usernames and passwords are regularly compromised and published in data breaches across the internet. According to the Verizon Data Breach Investigations Report, stolen credentials are the number one attack methodology, being used in 24% of security breaches. [i] MFA can improve an organization’s security by integrating another layer of defense to block threat actors from accessing user accounts or services with stolen credentials.

Verifying Remote Workers’ Identities

While many benefits have been gained from allowing the post-pandemic workforce to operate remotely, there are novel security concerns related to employee authentication for organizations.  With the decrease in face-to-face interactions, how can an organization be confident that an individual accessing company assets is who they say they are?  By requiring MFA when remote users attempt to access company resources, the risk of unauthorized use is significantly reduced.  Having an additional verification method, like MFA, contributes to a strong foundation of trust between a remote worker and an employer before sharing resources or information. 

The US Department of Justice announced that more than 300 US-based companies were defrauded of millions of dollars by (often technically skilled) individuals posing as domestic IT workers when they were, in fact, agents of North Korea living abroad. [ii] Rather than hiring the US citizens they thought had applied, these organizations unknowingly hired agents from North Korea, who used a network of accomplices and technology to defraud these businesses of at least $300 million per year. These new attacks remind organizations that strengthening their background check procedures is a worthy investment. Teams governing the hiring process should:

  • Ensure that listed references are always verified.
  • Validate that individuals are physically located where they claim to be.
  • Verify information on resumes.
  • Utilize multiple forms of communication, including video calls.
  • Provide comprehensive security awareness training to employees who work in recruitment and hiring, with an emphasis on social engineering.

Verifying Video Conference Attendees’ Identities

Remote meetings are a convenient option that allows people from across the globe to join a virtual meeting room, but with the rise of deep fakes, seeing and hearing are not necessarily believing.  Deep fake technology allows scammers to use AI to generate audio and video that looks and sounds like a celebrity, family member, or senior executive of a company.  In March 2024, a group of scammers invited a group of employees to a video conference.  When they joined the meeting, those on the call looked and sounded like real people, and the employees ended up transferring £20m to the scammers. [iii]

It may not be possible to stop all deep fakes, but there are a few steps that can help to reduce the likelihood of joining a fake virtual meeting and verify the identity of those in a meeting.  Organizations should adopt a platform to be used for all business meetings and train users on how to distinguish legitimate business links from those generated by outside organizations.  Policies and procedures should be established for the appropriate use of video conference meetings.  These procedures should include methods to ensure that financial transactions and the distribution of sensitive information follow the proper approval processes, which should involve approval steps outside of the virtual meeting.  Additionally, organizations should consider protecting all their remote meetings with a password to prevent uninvited guests from accessing the room and train users at every step so they can identify and report potential scams.

Conclusion

Remote work has the potential to enhance communications across the globe; however, these powerful tools come with additional risks. Verifying the identity of remote individuals is another mechanism for protecting organizational finances and sensitive information.

[i] Verizon, 2024 Data Breach Investigations Report (DBIR)

[ii] Spiceworks, “How North Korean Hackers Conned Their Way Into Remote Jobs… in 5 Simple Steps!” https://www.spiceworks.com/it-security/data-security/articles/north-korean-hackers-infiltrate-remote-jobs/

[iii] The Guardian, “UK engineering firm Arup falls victim to £20m deepfake scam” https://www.theguardian.com/technology/article/2024/may/17/uk-engineering-arup-deepfake-scam-hong-kong-ai-video