Technology Decision Makers

A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

Good article touching on MFA, SMS and other issues discussed on yesterday's call

    Posted Jul 25, 2019 14:57
    This is primarily for those who were on the monthly call yesterday, but obviously anyone else who finds this helpful - great!

    Short read - good stuff including visual explainers of how MITM (Man-in-the-Middle) attacks can capture SMS 2FA codes.

    The Unsexy Threat to Election Security

    Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.

    Key takeaways:

    1) After getting email breached, the county implemented 2FA for email, but still doesn't have it in place for Twitter, Facebook, Instagram & YouTube.

    2) 2FA was implemented via SMS

    The recommendation from the grand jury (no shock here):

    1) Implement 2FA across all the social media channels
    2) Replace SMS with a less vulnerable form of 2FA; the recommendation is a FIDO security key (e.g. YubiKey or similar)

    I still say that using SMS for 2FA is much better than NOT using 2FA at all, but I am being swayed to the point of view that if you are going to go through the trouble of implementing 2FA, go ahead and use Smart Tokens or Security Keys since you'll probably have to do that at some future point anyway.

    Joshua Peskay
    Vice President
    RoundTable Technology