Texting has become one of the most ubiquitous forms of direct communication, especially for short, quick bursts of info. Almost everyone has a phone and thumbs, so…why talk when you can type? It's safe, right? No one is going to see your text message but its intended recipient(s) – you think. And how would you know if someone intercepted your text about picking up Brandy at the dog groomer, or where you're meeting the gang for happy hour? Besides, does anyone else care?
But what about those times when you reset a password or enter a shipping confirmation number via text. Are those messages and responses from automated text messaging systems safe? Is sensitive information contained in some of those messages – account numbers, passwords, email and physical addresses – left open for anyone to see?
They shouldn't be, but these days you never know. Phone numbers can be hijacked or forwarded without your permission. The icon on your phone shows you're connected to your trusty network, so everything must be secure…but text messages aren't actually a direct Device A to Device B transmission.
Reduce Exposure to Security Breaches
A text going from a business to your phone can be a multi-step process involving several companies, especially if you're texting using a different carrier. Companies often use outside vendors to handle things like verifying a customer's phone number or using multi-factor authentication. Once authorized, carriers then release the text message contents to get it delivered to the appropriate phone(s) or device(s). If any of the servers in this messaging/authentication chain or network ports are left unguarded, it may be possible for hackers to access your messaging threads. While every carrier will tell you they offer multi-layer security features to protect your data and privacy against such threats, well, cyber criminals are always one step ahead of the good guys. You don't want to risk someone scraping a password or shipping confirmation number off your texts any more than you want a stranger picking up Brandy after her grooming.
Better safe than sorry. Here are some tips to improve texting security:
1. Use two-factor authentication (2FA)
This authentication method only grants access or allows transmission after the user verifies their identity using a combination of two different factors, usually a password plus correctly answering an obscure question about something only they would know, like a maiden name or old street address. This prevents someone from accessing an account even if they have your password. Google Authenticator and 1Password are examples of popular self-contained authentication apps with built-in 2FA code generators.
2. Make sure your devices are “trusted devices”
You may get annoyed at the Trusted Device protocol many sites insist on following when downloading an app or iTunes song, for example, but it’s an important step to protect you when signing into sites using different devices or browsers.
3. Employ software tokens
Microsoft Authenticator is one example of a popular software token-based solution; others include Twilio Authenticator and LastPass Authenticator. These apps rely on a time-based one-time password (TOTP) algorithm to generate a short-lived (30 seconds or less) password. For verification, the user must copy the password into the website's or app's required field before it expires.
4. Distribute hardware tokens
These physical devices, sometimes called dongles, are typically USB flash drives or keychain fobs that store authentication and certificate data for that user. Hardware tokens do not require cell phone reception or even Wi-Fi; however, they are costly to set up and maintain, and employees often misplace or confuse them with other personal devices.
5. Use biometrics
This emerging technology eliminates additional devices altogether and instead relies on a user's inherent credentials, such as fingerprints, retina, or even gait to verify a user.
RCN is dedicated to helping small businesses operate more productively and securely. Contact us today to learn how we can help transform your digital communications with a host of smart choices in products, solutions and contracts.
Network Security White Paper
With the rapid adoption of new technologies like the cloud, businesses large and small can no longer afford to ignore this surge. While fraudulent activity will continue to become more sophisticated, you can still prepare your company by simply educating yourself on the types of threats out there.Download the White Paper