Security

Partner Security Checklist RSA SecurID Breach

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here. Partner Security Checklist RSA SecurID Breach Improve Physical SecurityThe physical security of token servers is tantamount, and similarly partners need to stress the importance to token holders of keeping…

Ericka Chickowski

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here.

1Partner Security Checklist RSA SecurID Breach

Improve Physical SecurityThe physical security of token servers is tantamount, and similarly partners need to stress the importance to token holders of keeping close track of their devices. Depending on the attack, physical access may be the only thing a well-equipped hacker needs at this point.

2No Title

Consider Turning Off Remote AccessIt may not be a possibility for some systems, but this option is the most secure choice until RSA offers more details about the breach.

3No Title

Reexamine Passwords and PINsTokens are part of multifactor authentication schemes. Passwords and pins are more important than ever if you choose to keep remote access on while the situation unfolds. Be sure to educate and enforce strong password principles.

4No Title

Train Help DeskIs your help desk staff giving away key information about customer accounts to social engineering scammers? If you’re not sure, it’s time to retrain.

5No Title

Lock Down Active DirectoriesRSA is suggesting that organizations implement two-factor authentication to control access to Active Directory and to keep special monitoring tabs on and to stay on the lookout for unusual account behavior.

6No Title

Explore AlternativesIf you or your customers are unsatisfied with RSA’s response, if customers can’t afford to be without remote access or multifactor authentication, or if your customer was already unhappy with the unwieldiness of tokens, now is the time to look for authentication alternatives.

7No Title

Monitor Privilege LevelsService providers will especially want to watch their customer’s accounts closely for unusual changes in privilege levels and access rights and potentially may even want to add manual approval for changes in key accounts.

8No Title

Train Employees On Social EngineeringCustomer and partner employees need to be reminded of why they need to avoid giving away credential information over the phone or email. They should also be instructed to report these requests.

9No Title

Patch, Patch, PatchEnsure that customers have not only patched their operating systems and key apps, but also their security software.

Ericka Chickowski

Contributing writer

Related Articles

Subscribe for updates!

You must input a valid work email address.
You must agree to our terms.