
Enhancing Cybersecurity Practices at Fuse CS

Strengthening Password Reset Procedures to Protect Customer Data

Cybersecurity has become a pressing concern for many organizations in the wake of recent cyber attacks across the UK. Major stores like M&S, Co-op, and Harrods have all been targeted through sophisticated social engineering tactics aimed at their IT help desks. By posing as legitimate users, threat actors successfully tricked IT teams into resetting passwords, thus gaining access to valuable company, employee, and customer data.

In response to these alarming incidents, Fuse CS is implementing significant changes to its cybersecurity practices, particularly in how we handle password reset requests from our customers. These changes are designed to bolster our defences and ensure the integrity of both our systems and yours.

Multi-Step Authentication

To verify the identity of customers, we are introducing a multi-step authentication process. This will involve several layers of security, including:

  • Answering security questions
  • Providing additional identification details
  • Checking legitimacy through multiple channels of communication

This combined approach ensures that the request is authentic and not the result of social engineering.

Tightening Conditional Access Policies

In line with best practices, we are tightening our conditional access policies around MFA (Multi-Factor Authentication) reset requests. This includes:

  • Only allowing re-registration from trusted locations like your primary office building
  • Verifying the identity of the requestor before any changes are made

Context Verification

When customers request a password or MFA reset, we will ask for the context behind the request and verify the plausibility of their explanation. This additional layer of scrutiny ensures that the request is legitimate and not part of a social engineering attack.

Submission Through Web Portal/Ticketing System

All password and MFA reset requests must be submitted via our web portal into our ticketing system. This change eliminates the risk associated with requests made through calls or emails, which are more susceptible to social engineering.

Employee Training

We recognize that our IT staff play a crucial role in maintaining the security of our systems. Therefore, we will conduct comprehensive training sessions to ensure they are well-equipped to handle all requests safely and securely. The training will cover:

Identifying Phishing Attempts

Staff will be educated on common phishing techniques and how to recognize them. This knowledge will enable them to spot suspicious requests and take appropriate action.

Secure Communication Practices

We will emphasize the importance of using secure communication channels and verifying customer identities. By doing so, we can prevent unauthorized access to our systems.

Incident Response

Our staff will be prepared to respond effectively to any suspected breach or suspicious request. This readiness is essential for minimizing the impact of potential attacks.

Conclusion

We are committed to enhancing the security of our systems and protecting our customers’ sensitive data. By requiring rigorous verification from customers before processing password resets and MFA changes, we aim to thwart potential attacks and ensure the integrity of our cybersecurity practices. We believe these measures will significantly bolster our defences and contribute to the overall safety and trust of our services.

At Fuse CS, we understand the importance of staying ahead of cybersecurity threats. Our proactive approach to enhancing our security protocols ensures that we are well-prepared to face the evolving landscape of cyber threats. By continuously improving our practices and training our staff, we aim to provide a secure environment for our customers and their data.

 

About the author

Fuse

Fuse is a Microsoft Partner, based in Northampton. We help organisations of all sizes to maximise IT efficiencies through the use of Microsoft cloud computing solutions.
