5 Steps to Improve Texting Security and Reduce Exposure to Security Breaches
You probably don’t give much thought to the security of a text message. Usually it’s a stream of consciousness conversation with one or a few friends about where to meet for dinner or gossip about the day’s events. Nothing proprietary here…just a few sarcastic comments and laughing emojis. It’s not like it’s a business email or anything important, right? Besides, how would you even know if someone was eavesdropping on your texts about tonight’s dinner plans?
But what about those times when you innocently reset a password or enter a shipping confirmation number via text. Are those messages and responses from automated text messaging systems safe? Is sensitive information contained in some of those messages – account numbers, passwords, email and physical addresses – left open for anyone to see?
They shouldn’t be, but these days you never know. Phone numbers can be hijacked or forwarded without your permission. The icon on your phone shows you’re connected to your trusty network, so everything must be secure…but text messages aren’t actually a direct Device A to Device B transmission.
A text going from a business to your phone can be a multi-step process involving several companies, especially if you’re texting using a different carrier. Companies often use outside vendors to handle things like verifying a customer’s phone number or using multi-factor authentication. Once authorized, carriers then release the text message contents to get it delivered to the appropriate phone(s) or device(s). If any of the servers in this messaging/authentication chain or network ports are left unguarded, it may be possible for hackers to access your messaging threads. While every carrier will tell you they offer multi-layer security features to protect your data and privacy against such threats, well, cyber criminals are always one step ahead of the good guys. You don’t want to risk someone scraping a password or shipping confirmation number off your texts any more than you want a stranger knowing where you’re going for dinner.
Better safe than sorry. Here are some tips to improve texting security:
Use two-factor authentication (2FA)
This authentication method only grants access or allows transmission after the user verifies their identity using a combination of two different factors, usually a password plus correctly answering an obscure question about something only they would know, like a maiden name or old street address. This prevents someone from accessing an account even if they have your password. Google Authenticator and 1Password are examples of popular self-contained authentication apps with built-in 2FA code generators.
Make sure your devices are “trusted devices”
You may get annoyed at the Trusted Device protocol many sites insist on following when downloading an app or iTunes song, for example, but it’s an important step to protect you when signing into sites using different devices or browsers.
Employ software tokens
Microsoft Authenticator is one example of a popular software token-based solution; others include Twilio Authenticator and LastPass Authenticator. These apps rely on a time-based one-time password (TOTP) algorithm to generate a short-lived (30 seconds or less) password. For verification, the user must copy the password into the website’s or app’s required field before it expires.
Distribute hardware tokens
These physical devices, sometimes called dongles, are typically USB flash drives or keychain fobs that store authentication and certificate data for that user. Hardware tokens do not require cell phone reception or even Wi-Fi; however, they are costly to set up and maintain, and employees often misplace or confuse them with other personal devices.
This emerging technology eliminates additional devices altogether and instead relies on a user’s inherent credentials, such as fingerprints, retina, or even gait to verify a user.
Astound is dedicated to helping small businesses operate more productively and securely. Contact us today to learn how we can help transform your digital communications with a host of smart choices in products, solutions and contracts.