PIN Verification: We’re Adding An Extra Cybersecurity Layer To Defend You From Social Engineering
Social engineering is a highly effective method used by cybercriminals to exploit users like you. In order to keep you safe, we’re deploying a new PIN verification system (at no extra charge) to authenticate your users and protect your data.
Let me walk you through a frightening and common scenario: it starts with a cybercriminal targeting your medical practice.
With minimal effort, they figure out the name of a few of your staff members and identify ProTechnical as your IT company.
Maybe they visit your premises and check out your staff members’ name tags. Maybe they spot a ProTechnical sticker on a piece of hardware or see the support number written out on a post-it note on a desktop.
Next, they call us, pretending to be one of your employees. They ask for a password reset, which will allow them to penetrate your systems, and steal your data.
The big question is: how are we supposed to know that they aren’t who they say they are?
The Power Of Social Engineering
Social engineering is scary because it’s effective.
43% of surveyed IT professionals said they had been targeted by social engineering schemes in the last year. Furthermore, recent statistics found that 63% of successful attacks come from internal sources, either via control, errors, or fraud.
The bottom line is that people are hardwired to trust each other. As much as we’d like to believe that our support staff knows your team so well that they would know if an imposter was calling on your behalf, it’s simply too big of a risk to take.
That’s why we’re taking the extra step to protect our clients, by adding an additional layer of security — PIN Verification.
How Does PIN Verification Work?
PIN verification is like multi-factor authentication for your IT support process. If a client needs our team to perform a support task, this verification process will make sure it’s a legitimate request.
Here’s how it works:
- One of your team members calls ProTechnical to get their password reset.
- We send a one-time verification PIN to their smartphone or email account that’s already been registered with our team.
- The caller reads back the PIN to our support team member to verify their identity.
This process eliminates the possibility that an imposter could pose as a member of your team. In order to get the password reset, they must possess the user’s cellphone, or have access to their email.
This process will even work with any remote team members you have. They just need to register their home phone with our team. If there is no direct contact number registered, our team will call your practice directly to verify.
ProTechnical Is Committed To Keeping You Secure
Don’t forget, this is a free service that all ProTechnical clients will have automatically implemented for their support process. We’re not adding this feature in order to make an extra buck — we’re doing it to keep our clients safe.
If you have any questions about PIN verification and how it works, get in touch with our team.