How is Fourth Defending Against Online Threats, such as Ransomware?
The continued confidentiality and availability of our customer's data is of critical importance to Fourth and we have previously identified ransomware as one of the key threats to online businesses. In 2021 Fourth invested heavily to further reinforce its defences against this and other threats, including:
- An expansion of multi-factor authentication (MFA) to cover all remote entry points
- Continued improvements in our network segmentation and segregation
- Building upon our principle of least access towards a complete zero-trust network
- The implementation of Endpoint Detection Response (EDR) across the entirety of the production network
- An even faster response time to zero-day threats
This is in addition to existing defences such as monthly patching, EDR across all client endpoints, threat monitoring of internal networks, and automated monitoring of suspicious account activity. Fourth's Risk Steering Committee continues to monitor and establish responses to the ever-evolving threats of the modern online world, allowing Fourth to be a partner you can rely on.
-
Official comment
Hi Tom, Bronwen,
Thank you for your questions.
Multifactor Authentication for login to Engage and the Fourth app is already available for customers using Fourth as their IDP. If you want this enabled for your users' profile(s) then please speak to your customer representative.
Once this is activated then users accessing Engage, and admin users accessing the portal/console, using a Fourth Account and password would be subject to this additional restriction.
And in those cases where an authorised Fourth employee “impersonates” a user who has MFA enabled, for troubleshooting purposes, that user would still need to approve the login via their second factor in order for the Fourth employee to gain access.
Note that if a customer uses their own external IDP (like ADFS, Okta, etc.) then it is likely that that system will be responsible for authentication of the user via one or multiple factors.
Thanks,
Michael
-
Is there a plan to launch multi factor authentication for Engage log in?
1 -
Building on Tom's question, I'd also like to know if MultiFactor login is used by Fourth staff accessing our portal? And is MFA a possibility for for our admin users who do not use SSO via Engage? (They log straight into the portal using a traditional login and password)
0 -
Good point re Fourth staff. For reference, this is a question posed by our IT team as it is their expectation that this can be enabled or at the very least is in development.
0 -
Thanks Michael. Coming from a very non tech brain, what is an IDP and how do I know if we're using Fourth as the IDP?
0 -
Sorry Tom but we love a good TLA* in the software game.
IDP stands for identity provider which is a service that creates, stores and verifies user identity using one or more authentication factors, such as a password or an authenticator app on your phone.
The idea of multi-factor authentication is to increase the certainty that the user is who they say they are by asking for more than one thing; usually "something you know", like a password, and "something you have" like your phone.
You're probably using Fourth as your IDP if you log directly into Engage (or the Fourth app or the admin console) with a username and password today.
However, if you log in somewhere else first then your probably using an external IDP. Your IT department would be able to tell you for certain because they would have worked with us to configure it (or you could ask your Fourth rep).
Hope that helps.
*three letter acronym
0 -
Thanks, we do indeed log directly into Engage with username and password. LSNT*
*Learnt Something New Today
0
Please sign in to leave a comment.
Download Our App
Comments
7 comments