1
00:00:00,000 --> 00:00:03,500
Do you know why it's called Taco Tuesday?

2
00:00:03,500 --> 00:00:08,500
No, Todd, why is it called Taco Tuesday?

3
00:00:08,500 --> 00:00:13,460
It was because Taco John's was using two TWAO for two

4
00:00:13,460 --> 00:00:16,220
tacos on a Tuesday was their deal,

5
00:00:16,220 --> 00:00:20,320
and now it got switched to Taco Tuesdays.

6
00:00:20,320 --> 00:00:23,060
And now everybody uses it kind of like the old

7
00:00:23,060 --> 00:00:25,520
traditional Kleenex, Q-tips, that whole concept.

8
00:00:25,520 --> 00:00:26,960
And that surprisingly,

9
00:00:26,960 --> 00:00:31,380
other organizations out there not naming other taco in

10
00:00:31,380 --> 00:00:34,720
their title names may not really love the fact that

11
00:00:34,720 --> 00:00:39,180
other people have a copyright on it.

12
00:00:39,180 --> 00:00:41,580
Yeah, wow, what a great icebreaker.

13
00:00:41,580 --> 00:00:43,240
That was good.

14
00:00:43,240 --> 00:00:47,620
Well, I guess so do people in this group?

15
00:00:47,620 --> 00:00:51,500
Do you talk on Tuesday or is there a meal that you are

16
00:00:51,500 --> 00:00:54,460
like every Friday like meatless Fridays or fish

17
00:00:54,460 --> 00:00:56,380
Fridays or things like that?

18
00:00:56,380 --> 00:00:58,900
Is there like a day of the week that's always

19
00:00:58,900 --> 00:01:02,140
consistent for your meals?

20
00:01:02,140 --> 00:01:04,760
I mean, I do Taco Tuesday just because it's easy to

21
00:01:04,760 --> 00:01:07,260
remember and easy to make.

22
00:01:07,260 --> 00:01:11,940
So I'm a Taco Tuesday person.

23
00:01:11,940 --> 00:01:15,820
I was just sharing with the group that we had tacos on Monday

24
00:01:15,820 --> 00:01:18,900
and the leftovers will be Taco Tuesday for us again this

25
00:01:18,900 --> 00:01:20,580
evening.

26
00:01:20,580 --> 00:01:24,660
But my boys like the concept of the Taco Tuesday.

27
00:01:24,660 --> 00:01:26,460
Pizza Friday?

28
00:01:26,460 --> 00:01:28,860
Pizza Friday is good.

29
00:01:28,860 --> 00:01:33,660
I don't do those, but I do for whatever reason love to order

30
00:01:33,660 --> 00:01:37,380
delivery pizza when it snows like crazy.

31
00:01:37,380 --> 00:01:40,660
I do tip well when it snows though.

32
00:01:40,660 --> 00:01:41,940
Who delivers your good snowstorm?

33
00:01:41,940 --> 00:01:44,740
That's clutch man.

34
00:01:44,740 --> 00:01:47,300
Do you do the same if there's like a rainstorm too?

35
00:01:47,300 --> 00:01:50,660
Just like they have to go out in the rain and get soaking wet

36
00:01:50,660 --> 00:01:52,900
to deliver your pizza?

37
00:01:52,900 --> 00:01:55,940
I don't know that it crossed my mind in the past,

38
00:01:55,940 --> 00:01:58,300
but OK, snow absolutely.

39
00:01:58,300 --> 00:01:59,860
Sure.

40
00:01:59,860 --> 00:02:01,940
Well, we're not talking about snow for a long time

41
00:02:01,940 --> 00:02:03,580
because it's now beautiful weather.

42
00:02:03,580 --> 00:02:05,900
So it's out of our vocabulary.

43
00:02:09,180 --> 00:02:12,260
Matthew, did you talk about Tuesday or Tuesday?

44
00:02:12,260 --> 00:02:14,420
No, or any kind of meal?

45
00:02:14,420 --> 00:02:17,660
I was too erratic, it's really just whatever's

46
00:02:17,660 --> 00:02:19,700
taken us for the next couple of days.

47
00:02:19,700 --> 00:02:24,860
So I suppose the only thing would be we do lasagna

48
00:02:24,860 --> 00:02:30,900
for big celebratory lasagna is kind of our thing,

49
00:02:30,900 --> 00:02:34,540
which I've spoken about my love for lasagna on other podcasts.

50
00:02:34,540 --> 00:02:38,660
So I'm going to stop before this becomes the lasagna podcast.

51
00:02:38,660 --> 00:02:40,500
I don't know that might be my new favorite episode,

52
00:02:40,500 --> 00:02:43,220
but I'm with you that I'm like, I don't know.

53
00:02:43,220 --> 00:02:44,980
Granted, my husband does most of the cooking.

54
00:02:44,980 --> 00:02:47,980
So whatever he's cooking is whatever, you know,

55
00:02:47,980 --> 00:02:50,260
whatever day of the week.

56
00:02:50,260 --> 00:02:50,980
But I also.

57
00:02:50,980 --> 00:02:52,260
Whatever he puts in front of you?

58
00:02:52,260 --> 00:02:54,180
Yeah, I'm like, I've ordered ingredients

59
00:02:54,180 --> 00:02:56,180
to make vegan tacos, and then I've just never

60
00:02:56,180 --> 00:02:58,900
gotten motivated enough to shred up the tofu and actually do it.

61
00:02:58,900 --> 00:03:01,860
So it's on the wish list that one day I'll

62
00:03:01,860 --> 00:03:05,300
try making vegan tacos.

63
00:03:05,300 --> 00:03:07,180
Nice.

64
00:03:07,180 --> 00:03:08,260
Nice.

65
00:03:08,260 --> 00:03:11,180
Well, kind of related.

66
00:03:11,180 --> 00:03:14,580
We're talking about food and.

67
00:03:14,580 --> 00:03:15,460
We can make the back.

68
00:03:15,460 --> 00:03:16,220
I can't hang in there.

69
00:03:16,220 --> 00:03:17,100
I can do it.

70
00:03:17,100 --> 00:03:17,980
I don't know.

71
00:03:17,980 --> 00:03:18,380
I don't know.

72
00:03:18,380 --> 00:03:21,260
Well, today on our Tech for Business podcast,

73
00:03:21,260 --> 00:03:25,580
Kelsey, Tara, and myself are joined by Todd, our CIO,

74
00:03:25,580 --> 00:03:28,620
and CISO, and Matthew, our GRC analyst.

75
00:03:28,620 --> 00:03:34,420
And we're discussing why doctors are refusing to use MFA.

76
00:03:34,420 --> 00:03:38,060
And I thought it was so interesting looking back.

77
00:03:38,060 --> 00:03:42,620
We're about a year out from our first MFA podcast.

78
00:03:42,620 --> 00:03:44,900
And we're still talking about it.

79
00:03:44,900 --> 00:03:47,300
So what's the deal?

80
00:03:47,300 --> 00:03:48,980
Why are they not using it?

81
00:03:48,980 --> 00:03:50,740
Why are people not buying in?

82
00:03:50,740 --> 00:03:53,100
What's the disconnect happening here?

83
00:03:56,020 --> 00:03:59,540
Well, mildly interesting and not directly related to health

84
00:03:59,540 --> 00:04:03,700
care, but I actually was just at a banking conference earlier.

85
00:04:03,700 --> 00:04:04,940
I guess it was last week.

86
00:04:04,940 --> 00:04:06,980
And they were saying the adoption rate of MFA

87
00:04:06,980 --> 00:04:09,660
is still only 17% nationwide.

88
00:04:09,660 --> 00:04:13,500
And that was not specific to industry, but nationwide.

89
00:04:13,500 --> 00:04:16,060
And that seems low to me.

90
00:04:16,060 --> 00:04:19,540
But somebody slung that stat.

91
00:04:19,540 --> 00:04:22,500
So I think the answer is, is because the adoption still

92
00:04:22,500 --> 00:04:26,780
stinks on it, which is probably a great topic for today.

93
00:04:26,780 --> 00:04:28,100
I'll take a first stab at it.

94
00:04:28,100 --> 00:04:32,780
I think the reality of why that MFA is so heavily resisted

95
00:04:32,780 --> 00:04:35,700
is because people think it's complicated.

96
00:04:35,700 --> 00:04:37,020
It's cumbersome.

97
00:04:37,020 --> 00:04:39,780
It causes them to do something else that's very inconvenient.

98
00:04:39,780 --> 00:04:42,500
So again, dating myself a little bit

99
00:04:42,500 --> 00:04:44,900
like I tend to do on some of these podcasts.

100
00:04:44,900 --> 00:04:48,820
When I first started a job, well over 20 years ago,

101
00:04:48,820 --> 00:04:52,180
I had implemented MFA at that particular location.

102
00:04:52,180 --> 00:04:53,260
And it was the old fob.

103
00:04:53,260 --> 00:04:56,540
So you had the rolling six digit e-card that kind of came in.

104
00:04:56,540 --> 00:04:58,180
So you type in your password, and then you

105
00:04:58,180 --> 00:05:00,140
had to dig the key fob out of your pocket.

106
00:05:00,140 --> 00:05:02,220
You had to look at it, and you had like 10 seconds

107
00:05:02,220 --> 00:05:03,700
to enter it before it expired.

108
00:05:03,700 --> 00:05:06,780
And it was just painful as ungodly people hated it.

109
00:05:06,780 --> 00:05:10,340
But MFA really isn't like that anymore.

110
00:05:10,340 --> 00:05:11,700
Yeah.

111
00:05:11,700 --> 00:05:13,940
I mean, for me, the experience I've

112
00:05:13,940 --> 00:05:16,100
had with people who are not implementing it,

113
00:05:16,100 --> 00:05:18,860
it's not going to happen to me.

114
00:05:18,860 --> 00:05:21,100
They're thinking that they're not a target.

115
00:05:21,100 --> 00:05:24,940
And so the implementation and teaching staff,

116
00:05:24,940 --> 00:05:27,740
and then training the staff, updating staff,

117
00:05:27,740 --> 00:05:30,500
getting hardware, software changes, implementation,

118
00:05:30,500 --> 00:05:34,620
the whole project seems like an unnecessary, either

119
00:05:34,620 --> 00:05:36,300
expense or time sink.

120
00:05:38,780 --> 00:05:41,900
That, as Todd just said, kind of used to be the way it was.

121
00:05:41,900 --> 00:05:48,060
There was no real better way that was commonly available.

122
00:05:48,060 --> 00:05:50,820
I'm sure we all remember the movies that

123
00:05:50,820 --> 00:05:54,660
came out in the late 90s and early 2000s of people suddenly

124
00:05:54,660 --> 00:06:00,060
having extra badges and eye scanning and fingerprint

125
00:06:00,060 --> 00:06:00,620
scanning.

126
00:06:00,620 --> 00:06:05,620
And that all seemed at the time like it was science fiction.

127
00:06:05,620 --> 00:06:07,580
And now there's so many different things

128
00:06:07,580 --> 00:06:12,220
we can do that kind of fall in line with that.

129
00:06:12,220 --> 00:06:16,780
They can make it not just easier and less time consuming,

130
00:06:16,780 --> 00:06:19,500
but also, I don't want to say it's a little fun.

131
00:06:19,500 --> 00:06:22,100
But there are times when it does feel a little bit fun

132
00:06:22,100 --> 00:06:27,860
and spy-like to use MFA in certain ways.

133
00:06:27,860 --> 00:06:30,500
Yeah, I mean, I guess I'd throw in a couple of barriers

134
00:06:30,500 --> 00:06:31,020
to entry.

135
00:06:31,020 --> 00:06:32,820
And you did mention a few of them.

136
00:06:32,820 --> 00:06:34,820
One of them that we see an awful lot,

137
00:06:34,820 --> 00:06:36,460
especially in the health care industry,

138
00:06:36,460 --> 00:06:39,380
is that there still tends to be a lot of shared accounts.

139
00:06:39,380 --> 00:06:41,420
And there is a little bit of inconvenience

140
00:06:41,420 --> 00:06:44,540
in how you set up a multi-factor for a shared account.

141
00:06:44,540 --> 00:06:47,500
So it could just be, we'll just say nurse as an example,

142
00:06:47,500 --> 00:06:50,100
but it happens in senior living and so on and so forth

143
00:06:50,100 --> 00:06:50,620
as well.

144
00:06:50,620 --> 00:06:54,060
But he said the login is nurse one, nurse two, nurse three.

145
00:06:54,060 --> 00:06:55,820
And you may have 20 people that do it,

146
00:06:55,820 --> 00:06:59,380
or you have people coming in to do it temporarily or whatever.

147
00:06:59,380 --> 00:07:00,900
There still is ways to do it.

148
00:07:00,900 --> 00:07:02,940
So that's one barrier of entry.

149
00:07:02,940 --> 00:07:04,820
As we talked about, the inconvenience factor

150
00:07:04,820 --> 00:07:05,860
was one in the past.

151
00:07:05,860 --> 00:07:09,700
And then the third one that I see come up often is cost.

152
00:07:09,700 --> 00:07:11,580
I don't have the equipment, therefore, I

153
00:07:11,580 --> 00:07:15,900
have to invest in it, which actually

154
00:07:15,900 --> 00:07:19,180
has a mild tangent to another one that we typically see often.

155
00:07:19,180 --> 00:07:20,940
When you have those shared accounts, especially

156
00:07:20,940 --> 00:07:23,500
in senior living, is you'll say, hey,

157
00:07:23,500 --> 00:07:26,300
I want to use a tool like your phone

158
00:07:26,300 --> 00:07:27,900
where I can use an authenticator.

159
00:07:27,900 --> 00:07:31,180
And the staff member will often say, well,

160
00:07:31,180 --> 00:07:32,740
you don't pay for my phone, so I'm not

161
00:07:32,740 --> 00:07:35,100
going to put your application on my phone.

162
00:07:35,100 --> 00:07:37,140
That tends to be real problematic too.

163
00:07:37,140 --> 00:07:38,340
It actually isn't.

164
00:07:38,340 --> 00:07:40,380
But it's a barrier to entry.

165
00:07:40,380 --> 00:07:42,140
People are like, I don't know how to overcome that.

166
00:07:42,140 --> 00:07:43,940
They tell me they're not going to carry a second phone.

167
00:07:43,940 --> 00:07:46,620
I don't want to pay for another phone, et cetera, et cetera.

168
00:07:46,620 --> 00:07:48,500
But we'll dig into that a little bit further.

169
00:07:48,500 --> 00:07:50,340
But those are some of the main barriers

170
00:07:50,340 --> 00:07:53,300
to entry as to why people are like, this is just too much.

171
00:07:53,300 --> 00:07:55,180
I can't move forward on it.

172
00:07:55,180 --> 00:07:56,140
Yeah.

173
00:07:56,140 --> 00:07:58,660
One thing I want to mention quickly before we move past this

174
00:07:58,660 --> 00:08:01,620
is I'm not sure if there's a different term for this

175
00:08:01,620 --> 00:08:03,620
as it relates to organizations.

176
00:08:03,620 --> 00:08:05,180
I know it from software development,

177
00:08:05,180 --> 00:08:08,540
but it's the idea of a thing called technical debt.

178
00:08:08,540 --> 00:08:10,900
The idea is that when you're building a program,

179
00:08:10,900 --> 00:08:12,540
if someone's requesting something

180
00:08:12,540 --> 00:08:16,500
and it needs to be pushed out very quickly, corners are cut.

181
00:08:16,500 --> 00:08:19,500
Things are done that wouldn't be done if you had more time.

182
00:08:19,500 --> 00:08:21,420
And that results in something being released

183
00:08:21,420 --> 00:08:24,220
that maybe was done in a way that's suboptimal.

184
00:08:24,220 --> 00:08:26,540
Going forward, if you need to redo that

185
00:08:26,540 --> 00:08:28,980
or if you need to do something else that builds from it,

186
00:08:28,980 --> 00:08:32,180
you're building and creating from a suboptimal position.

187
00:08:32,180 --> 00:08:34,220
And so the idea of going back to fix it

188
00:08:34,220 --> 00:08:38,060
becomes more and more expensive from time,

189
00:08:38,060 --> 00:08:40,220
human hours, everything.

190
00:08:40,220 --> 00:08:42,180
And cost of paying everyone to do it,

191
00:08:42,180 --> 00:08:44,380
as well as the potential of having to take the software down

192
00:08:44,380 --> 00:08:45,780
to make the fix.

193
00:08:45,780 --> 00:08:49,260
Now, when it comes to, I see that a lot,

194
00:08:49,260 --> 00:08:51,140
and we talk about that a lot in software development,

195
00:08:51,140 --> 00:08:53,820
but when it comes to your environment,

196
00:08:53,820 --> 00:08:56,540
this may be what you're feeling

197
00:08:56,540 --> 00:08:58,180
when you think about implementing something new.

198
00:08:58,180 --> 00:09:00,020
You're thinking about changes that may need to happen

199
00:09:00,020 --> 00:09:02,460
to the network, updates that may need to occur,

200
00:09:02,460 --> 00:09:04,620
what else needs to be implemented,

201
00:09:04,620 --> 00:09:06,180
can seem really overwhelming.

202
00:09:06,180 --> 00:09:08,060
And that's because it's a real thing.

203
00:09:08,060 --> 00:09:12,180
It's very, very difficult to wrap your head around that,

204
00:09:12,180 --> 00:09:14,980
especially if you're unsure on the technical side already.

205
00:09:16,420 --> 00:09:18,100
So it's something to keep in mind.

206
00:09:18,100 --> 00:09:20,420
And it's important to remember that

207
00:09:20,420 --> 00:09:22,740
it is something that can be undone.

208
00:09:22,740 --> 00:09:26,500
MFA can be put on top of it, it can be worked around.

209
00:09:26,500 --> 00:09:29,700
Having someone come in who can kind of dig into the system

210
00:09:29,700 --> 00:09:32,660
or knows the MFA systems better may be able to tell you

211
00:09:32,660 --> 00:09:35,540
that implementing this is far easier than it seems.

212
00:09:36,860 --> 00:09:38,580
So it's just something to keep in mind

213
00:09:38,580 --> 00:09:41,140
and everyone's dealing with it.

214
00:09:41,140 --> 00:09:42,780
We do see it a lot of places.

215
00:09:43,940 --> 00:09:45,340
It's still worth looking into.

216
00:09:46,860 --> 00:09:49,500
Yeah, I'm gonna kind of circle back

217
00:09:49,500 --> 00:09:51,540
to one of the things that you mentioned a little earlier too.

218
00:09:51,540 --> 00:09:54,700
As you had mentioned that there is the,

219
00:09:54,700 --> 00:09:55,900
what is my risk level?

220
00:09:55,900 --> 00:09:57,380
I perceive that my risk is low,

221
00:09:57,380 --> 00:09:58,980
therefore I don't need to worry about it.

222
00:09:58,980 --> 00:10:01,180
And again, I know I've mentioned healthcare a few times,

223
00:10:01,180 --> 00:10:04,220
excuse me, I mean, senior living in a lot of times,

224
00:10:04,220 --> 00:10:07,100
people will think, well, it's just senior living, who cares?

225
00:10:07,100 --> 00:10:09,220
The answer is everybody cares.

226
00:10:09,220 --> 00:10:13,700
There the amount of data that healthcare people have,

227
00:10:13,700 --> 00:10:15,260
both on PII.

228
00:10:15,260 --> 00:10:18,980
And I'm gonna sling some acronyms around there

229
00:10:18,980 --> 00:10:20,780
and hopefully you guys are up to date.

230
00:10:20,780 --> 00:10:22,740
And if you're not, we got a ton of podcasts

231
00:10:22,740 --> 00:10:24,540
that kind of get into the variety of very ones,

232
00:10:24,540 --> 00:10:26,980
but that one's your identifiable information

233
00:10:26,980 --> 00:10:28,020
on a personal level.

234
00:10:28,020 --> 00:10:31,180
And then there's the PHI, which is health information.

235
00:10:31,180 --> 00:10:34,500
And that information is very desirable from attackers.

236
00:10:34,500 --> 00:10:36,420
Again, I mentioned I was just at a conference

237
00:10:36,420 --> 00:10:38,780
and one of the guys that was at the conference

238
00:10:38,780 --> 00:10:40,500
was big on fraud and he talked about

239
00:10:40,500 --> 00:10:43,140
how he could use any piece of data.

240
00:10:43,140 --> 00:10:44,460
And it was basically anything,

241
00:10:44,460 --> 00:10:47,060
use first name, last name and how he could pivot to that

242
00:10:47,060 --> 00:10:49,500
and get social security numbers, addresses,

243
00:10:49,500 --> 00:10:50,980
date of birth, et cetera.

244
00:10:50,980 --> 00:10:52,660
Once they start to get that information

245
00:10:52,660 --> 00:10:54,860
because so much of it is readily available,

246
00:10:54,860 --> 00:10:56,820
which is why they keep trying to get it,

247
00:10:56,820 --> 00:10:59,260
they can buy information for roughly $2

248
00:10:59,260 --> 00:11:01,820
and then they can pivot and start to create fraud off of it.

249
00:11:01,820 --> 00:11:05,780
So the short answer is the data itself is desirable

250
00:11:05,780 --> 00:11:06,860
because it can be sold.

251
00:11:06,860 --> 00:11:09,180
And if you think $2 isn't very much, it's not.

252
00:11:09,180 --> 00:11:11,900
But when you sell 2 million of them at $2 a pop

253
00:11:11,900 --> 00:11:13,740
is worth an awful lot of money.

254
00:11:14,900 --> 00:11:16,780
And then again, they're using that to create fraud

255
00:11:16,780 --> 00:11:18,180
to generate additional revenue.

256
00:11:18,180 --> 00:11:20,740
So that's the core reason why healthcare

257
00:11:20,740 --> 00:11:22,140
is such a big concern.

258
00:11:22,140 --> 00:11:23,820
And of course, as an individual,

259
00:11:23,820 --> 00:11:25,860
people care about their privacy.

260
00:11:25,860 --> 00:11:29,020
That would be the other major thrust that comes behind

261
00:11:29,020 --> 00:11:31,540
why it's important to protect that data

262
00:11:31,540 --> 00:11:34,660
and kind of going back into MFA, why MFA?

263
00:11:34,660 --> 00:11:38,460
MFA is what is really protecting most organizations' data

264
00:11:38,460 --> 00:11:39,300
for the most part.

265
00:11:39,300 --> 00:11:43,140
And if you don't have it, you're probably not very protected.

266
00:11:43,140 --> 00:11:48,140
Exactly, MFA is really the, there is no gold standard.

267
00:11:48,580 --> 00:11:51,420
There is no one thing, but the thing that's going to help

268
00:11:51,420 --> 00:11:55,680
the most with potentially the least effort is MFA.

269
00:11:57,700 --> 00:11:58,740
And here's why.

270
00:11:59,820 --> 00:12:03,020
So MFA, multi-factor authentication breaks down

271
00:12:03,020 --> 00:12:06,300
into this idea that instead of just entering a password

272
00:12:06,300 --> 00:12:10,260
or a username, you have three different things

273
00:12:10,260 --> 00:12:12,740
that the information could be pulled from.

274
00:12:12,740 --> 00:12:14,980
So we call this something you are,

275
00:12:14,980 --> 00:12:17,060
something you have and something you know.

276
00:12:18,020 --> 00:12:20,940
Now the short version of this is something you know

277
00:12:20,940 --> 00:12:23,100
is generally considered to be your password,

278
00:12:23,100 --> 00:12:25,720
something you are such as your fingerprint

279
00:12:27,300 --> 00:12:30,500
or voice recognition, eye scans, et cetera.

280
00:12:30,500 --> 00:12:34,140
And something you have, whether that's a key card

281
00:12:34,140 --> 00:12:37,060
or most of us probably have some form of authenticator

282
00:12:37,060 --> 00:12:39,900
on our phone now, even our phone itself

283
00:12:39,900 --> 00:12:42,180
if it's text messages, right?

284
00:12:42,180 --> 00:12:45,420
Those three things make up MFA.

285
00:12:45,420 --> 00:12:50,180
And the idea of MFA is using one, two, three,

286
00:12:50,180 --> 00:12:53,580
six different variations on this depending on how paranoid

287
00:12:53,580 --> 00:12:56,840
you get to create something that is secure.

288
00:12:58,020 --> 00:13:00,300
In certain scenarios, I've actually found situations

289
00:13:00,300 --> 00:13:05,300
where people's usernames are also non-standard now.

290
00:13:05,340 --> 00:13:07,780
And so in certain situations where I'm allowed to do this,

291
00:13:07,780 --> 00:13:11,140
my username for a thing I have to sign up for,

292
00:13:11,140 --> 00:13:13,700
especially if it's financial, will be just a random string

293
00:13:13,700 --> 00:13:15,660
of numbers and letters as well.

294
00:13:15,660 --> 00:13:18,000
Makes it even more difficult to get in.

295
00:13:19,540 --> 00:13:24,540
Anyway, so the goal with MFA is to use two of these things,

296
00:13:24,900 --> 00:13:28,020
preferably different from those different sections

297
00:13:28,020 --> 00:13:29,340
of those three, something you are,

298
00:13:29,340 --> 00:13:31,820
something you have and something you know,

299
00:13:31,820 --> 00:13:34,860
and create a sign-in method that allows the person

300
00:13:34,860 --> 00:13:41,060
to do this smoothly with as few steps as possible.

301
00:13:41,060 --> 00:13:42,820
The most common one and the one that most of you

302
00:13:42,820 --> 00:13:44,900
are probably doing or have seen before,

303
00:13:44,900 --> 00:13:48,180
especially if you're banking via your phone

304
00:13:48,180 --> 00:13:50,740
is probably signing in with a password

305
00:13:50,740 --> 00:13:54,140
and then getting a text message for a one-time code or an OTP.

306
00:13:55,660 --> 00:13:57,580
This is what most of us think of,

307
00:13:57,580 --> 00:14:00,820
and I'm sure all of us who work in this industry,

308
00:14:00,820 --> 00:14:04,220
and I'm sure Todd and I have more than enough stories

309
00:14:04,220 --> 00:14:06,500
of people telling us, but it's a pain.

310
00:14:07,620 --> 00:14:09,140
It's just time-consuming.

311
00:14:10,500 --> 00:14:12,900
That can be true, it is an additional step.

312
00:14:14,460 --> 00:14:15,500
But as I mentioned earlier,

313
00:14:15,500 --> 00:14:17,860
there are a lot of things that have come through recently,

314
00:14:17,860 --> 00:14:19,140
and not just so much recently,

315
00:14:19,140 --> 00:14:23,580
but have become available to more people recently

316
00:14:23,580 --> 00:14:25,060
that can really streamline this process

317
00:14:25,060 --> 00:14:28,140
so that it's not exactly what you think it was before.

318
00:14:28,140 --> 00:14:33,140
Yeah, I had things in mind.

319
00:14:34,740 --> 00:14:37,460
I'm not sure I knew exactly where to get it off of here,

320
00:14:37,460 --> 00:14:40,300
specifically, but a wonderful overview.

321
00:14:40,300 --> 00:14:41,580
I thought it was fantastic.

322
00:14:41,580 --> 00:14:44,220
Some of the things that I had in mind was,

323
00:14:44,220 --> 00:14:46,980
Matthew covered it quite well when he talks about,

324
00:14:46,980 --> 00:14:48,820
the reason why you have it ultimately

325
00:14:48,820 --> 00:14:51,260
is it's inconvenient or it's perceived to be.

326
00:14:52,140 --> 00:14:54,460
The push was one of the major breakthroughs

327
00:14:54,460 --> 00:14:55,860
in multi-factor authentication,

328
00:14:55,860 --> 00:14:58,340
in my opinion, that really transitioned it

329
00:14:58,340 --> 00:15:00,460
from being difficult and painful to,

330
00:15:00,460 --> 00:15:02,060
oh, it just popped up when I signed in

331
00:15:02,060 --> 00:15:02,900
and said, is this you?

332
00:15:02,900 --> 00:15:05,260
And I hit a button that says, yep, and I'm in.

333
00:15:05,260 --> 00:15:08,060
That was a significant progress.

334
00:15:08,060 --> 00:15:09,940
Over the years, there have been other things

335
00:15:09,940 --> 00:15:11,420
that tend to go on with it too.

336
00:15:11,420 --> 00:15:13,180
So again, that inconvenience piece,

337
00:15:13,180 --> 00:15:15,180
I'm gonna make a correlation to doctors.

338
00:15:15,180 --> 00:15:16,980
Doctors get paid a lot of money.

339
00:15:18,540 --> 00:15:20,660
Doctors are very busy.

340
00:15:20,660 --> 00:15:21,740
They talk to patients,

341
00:15:21,740 --> 00:15:23,460
they go from one thing to the next,

342
00:15:23,460 --> 00:15:26,020
and they tend to be kind of behind the schedule

343
00:15:26,020 --> 00:15:26,860
almost always right.

344
00:15:26,860 --> 00:15:28,100
And they don't generally,

345
00:15:28,100 --> 00:15:29,620
whatever you can give them to the bedside manner,

346
00:15:29,620 --> 00:15:31,940
but they're trying to go through things as quickly as they can,

347
00:15:31,940 --> 00:15:35,380
and they perceive that log on process as being inconvenient.

348
00:15:35,380 --> 00:15:36,740
This is true in senior living,

349
00:15:36,740 --> 00:15:38,940
when you're trying to dispense medication and so forth,

350
00:15:38,940 --> 00:15:41,700
as well as it's complicated, there's a lot going on.

351
00:15:41,700 --> 00:15:43,900
They're trying to be as efficient as humanly possible,

352
00:15:43,900 --> 00:15:45,900
and this is just slowing them down.

353
00:15:45,900 --> 00:15:47,420
Now, when I got into the push concept,

354
00:15:47,420 --> 00:15:50,020
the reason why I was bringing that up is because,

355
00:15:50,020 --> 00:15:52,020
MFA continues to evolve.

356
00:15:52,020 --> 00:15:53,940
It's starting to get even more frictionless.

357
00:15:53,940 --> 00:15:56,220
There's proximity-based multi-factor.

358
00:15:56,220 --> 00:15:57,860
So if you're in the room and you've got a token

359
00:15:57,860 --> 00:16:01,020
that's based this way, it'll automatically log you in.

360
00:16:01,020 --> 00:16:03,100
Most people in healthcare today,

361
00:16:03,100 --> 00:16:04,580
if you go to the doctor or the clinic,

362
00:16:04,580 --> 00:16:06,300
more often than not, and if you're in the US,

363
00:16:06,300 --> 00:16:08,540
this may not be nationwide yet,

364
00:16:08,540 --> 00:16:10,580
but if you're in the US, more often than not,

365
00:16:10,580 --> 00:16:12,900
you're using something like a key card,

366
00:16:12,900 --> 00:16:14,820
or facial recognition, or proximity,

367
00:16:14,820 --> 00:16:16,660
or something along those lines to,

368
00:16:16,660 --> 00:16:17,700
for all intents and purposes,

369
00:16:17,700 --> 00:16:20,900
they instantly log those individuals in.

370
00:16:20,900 --> 00:16:23,140
So if you're talking about the time it takes for them,

371
00:16:23,140 --> 00:16:25,700
how many minutes of the doctor messing around

372
00:16:25,700 --> 00:16:27,740
with a password, typing it in five times

373
00:16:27,740 --> 00:16:30,700
because it's complex, and then throwing a multi-factor in,

374
00:16:30,700 --> 00:16:33,460
you can quickly add up hours in a day,

375
00:16:33,460 --> 00:16:35,980
thus the reasons why they're unhappy,

376
00:16:35,980 --> 00:16:37,860
and you can start to justify the cost with it.

377
00:16:37,860 --> 00:16:38,700
What do they make?

378
00:16:38,700 --> 00:16:40,860
And I honestly have no idea what the hourly rate

379
00:16:40,860 --> 00:16:42,740
of a doctor is, but I suspect it's high.

380
00:16:42,740 --> 00:16:44,340
And if I'm wasting hours of their time,

381
00:16:44,340 --> 00:16:45,700
the cost is very, very high too.

382
00:16:45,700 --> 00:16:48,100
So when we got back into the technical debt,

383
00:16:48,100 --> 00:16:50,540
the cost of the barriers of entry, et cetera,

384
00:16:50,540 --> 00:16:52,140
once you start removing that friction,

385
00:16:52,140 --> 00:16:54,780
you can still get the tools that you need

386
00:16:54,780 --> 00:16:58,220
at a reasonable cost, if you will, or ROI,

387
00:16:58,220 --> 00:16:59,860
if you need to space it that way,

388
00:16:59,860 --> 00:17:01,100
and then you still remove the friction.

389
00:17:01,100 --> 00:17:03,140
So it is still possible to move forward.

390
00:17:04,140 --> 00:17:04,980
Agreed.

391
00:17:05,940 --> 00:17:07,060
You mentioned a couple there,

392
00:17:07,060 --> 00:17:08,860
and I'll mention a couple that I've seen,

393
00:17:08,860 --> 00:17:12,580
the key cards that slot into workstations.

394
00:17:12,580 --> 00:17:14,300
People still need to enter their password,

395
00:17:14,300 --> 00:17:16,780
but the additional step of putting in your key card

396
00:17:16,780 --> 00:17:19,700
is not very time consuming, because it's already there,

397
00:17:19,700 --> 00:17:21,820
or it's even noticing that you're nearby

398
00:17:21,820 --> 00:17:25,580
rather than having to be put in.

399
00:17:25,580 --> 00:17:28,060
Those things were really common,

400
00:17:28,060 --> 00:17:29,740
and they're becoming more common.

401
00:17:29,740 --> 00:17:32,420
I wanna remind everyone from this

402
00:17:32,420 --> 00:17:35,900
that just a key card is not MFA.

403
00:17:35,900 --> 00:17:37,860
That's just one form of this,

404
00:17:37,860 --> 00:17:40,140
something you have, which is your key card.

405
00:17:40,140 --> 00:17:42,740
So if you are just using that,

406
00:17:42,740 --> 00:17:45,100
if someone could just take that card and use it,

407
00:17:45,100 --> 00:17:46,860
that's not MFA, they need something else

408
00:17:46,860 --> 00:17:49,740
to keep that security level high.

409
00:17:50,940 --> 00:17:55,180
There is a solution that I implemented previously

410
00:17:55,180 --> 00:17:59,820
for a clinic, that in short was a single device

411
00:17:59,820 --> 00:18:01,900
that included a fingerprint scanner.

412
00:18:01,900 --> 00:18:06,140
So the provider would get to their PC,

413
00:18:06,140 --> 00:18:09,100
plug this device into the workstation,

414
00:18:09,100 --> 00:18:11,780
put their fingerprint against the fingerprint reader

415
00:18:11,780 --> 00:18:14,940
on the device, and get into their machine straightaway.

416
00:18:14,940 --> 00:18:19,580
So providing this to the clinic,

417
00:18:19,580 --> 00:18:21,060
the first time I showed the doctors,

418
00:18:21,060 --> 00:18:23,260
you would have thought they were seeing true magic.

419
00:18:23,260 --> 00:18:26,860
Before that, they'd been typing passwords,

420
00:18:26,860 --> 00:18:28,580
they'd been using MFA on their phones,

421
00:18:28,580 --> 00:18:32,700
and there had been maybe some issues with providers out here,

422
00:18:32,700 --> 00:18:34,900
not sending text messages through

423
00:18:34,900 --> 00:18:36,420
as quickly as they'd hoped they would.

424
00:18:36,420 --> 00:18:40,860
So there was some slowdown where maybe the one-time code

425
00:18:40,860 --> 00:18:42,860
they needed via text message wasn't as quick

426
00:18:42,860 --> 00:18:44,500
as they'd hoped it would be.

427
00:18:44,500 --> 00:18:45,700
So being able to just walk in

428
00:18:45,700 --> 00:18:48,140
and really not even think about it too hard

429
00:18:48,140 --> 00:18:50,660
was an absolute time saver.

430
00:18:51,500 --> 00:18:53,700
And the cost of that alone, like Todd said,

431
00:18:53,700 --> 00:18:57,740
the cost of saving the sit down at your desk,

432
00:18:57,740 --> 00:19:00,940
type your password in, make sure everything comes back up,

433
00:19:00,940 --> 00:19:03,420
of just having to do it all in one movement.

434
00:19:04,460 --> 00:19:07,420
Five seconds if you got the USB slot on the right time,

435
00:19:08,540 --> 00:19:11,500
which with USB-C is even quicker now.

436
00:19:11,500 --> 00:19:16,340
Instantly made up, I say instantly,

437
00:19:16,340 --> 00:19:17,380
but within a couple of weeks,

438
00:19:17,380 --> 00:19:19,780
they probably made back the cost of that project

439
00:19:19,780 --> 00:19:21,180
that we implemented for them.

440
00:19:23,460 --> 00:19:26,380
We also talk about fingerprint readers,

441
00:19:26,380 --> 00:19:27,700
I just mentioned there.

442
00:19:27,700 --> 00:19:30,580
There are some which are straight out

443
00:19:30,580 --> 00:19:32,740
of a Mission Impossible movie.

444
00:19:32,740 --> 00:19:36,820
People registering your gait as you walk through rooms

445
00:19:36,820 --> 00:19:38,820
is something that is available now,

446
00:19:38,820 --> 00:19:42,740
whether how widely used it is, is separate.

447
00:19:42,740 --> 00:19:46,460
There are some clinics that may have that implemented

448
00:19:46,460 --> 00:19:47,940
and especially for certain rooms

449
00:19:47,940 --> 00:19:50,900
where you already have to key code to get through it.

450
00:19:50,900 --> 00:19:52,780
Maybe this is a better solution for you

451
00:19:52,780 --> 00:19:54,020
than additional tools.

452
00:19:54,020 --> 00:19:56,020
Maybe you already have a camera system in place

453
00:19:56,020 --> 00:19:57,540
that can implement that as well.

454
00:19:59,500 --> 00:20:02,180
Those are the big ones that I think of.

455
00:20:02,180 --> 00:20:04,140
That solution, that individual card

456
00:20:04,140 --> 00:20:06,460
is still one of the coolest things

457
00:20:06,460 --> 00:20:09,100
that exists on the market in my opinion.

458
00:20:10,100 --> 00:20:11,260
Yeah, I mean, I think you nailed it.

459
00:20:11,260 --> 00:20:13,380
You really do put in a tool set that

460
00:20:13,380 --> 00:20:15,340
will allow you to remove the friction,

461
00:20:15,340 --> 00:20:18,140
be quick and still give them everything they're looking for.

462
00:20:18,140 --> 00:20:20,460
I also mentioned earlier that it is possible

463
00:20:20,460 --> 00:20:23,020
to still multi-factor shared accounts.

464
00:20:23,020 --> 00:20:24,460
So there are tools out there.

465
00:20:24,460 --> 00:20:26,660
I know Duo has something that they can work with

466
00:20:28,020 --> 00:20:29,660
throughout the app and whatnot as well

467
00:20:29,660 --> 00:20:31,500
through the Windows login system.

468
00:20:31,500 --> 00:20:33,460
I'm a big fan of Windows Hello.

469
00:20:33,460 --> 00:20:36,060
I think it was a game changer when you started to mix in

470
00:20:36,060 --> 00:20:40,980
facial recognition with passcodes and whatnot.

471
00:20:40,980 --> 00:20:43,740
So that format MFA was a huge change for me.

472
00:20:43,740 --> 00:20:44,980
For what it's worth at CIT,

473
00:20:44,980 --> 00:20:47,740
we use a minimum of 15 character passwords.

474
00:20:47,740 --> 00:20:49,500
And I know my password inside now,

475
00:20:49,500 --> 00:20:50,940
we keep them around for a year

476
00:20:50,940 --> 00:20:52,740
because we follow that standard.

477
00:20:52,740 --> 00:20:55,500
I still crank that thing in wrong multiple times a day

478
00:20:55,500 --> 00:20:57,340
and it's annoying as can be.

479
00:20:57,340 --> 00:21:00,220
So moving to something that's less friction based

480
00:21:00,220 --> 00:21:02,780
like Windows Hello or fingerprints or whatever the case

481
00:21:02,780 --> 00:21:05,380
may be, does make a massive difference.

482
00:21:05,380 --> 00:21:06,940
And it just makes people feel good.

483
00:21:06,940 --> 00:21:11,140
So again, touching on various workforce

484
00:21:11,140 --> 00:21:13,660
where they can easily get overwhelmed and whatnot.

485
00:21:13,660 --> 00:21:16,380
Something simple like that can be a big difference

486
00:21:16,380 --> 00:21:18,620
in their day of just being able to remove

487
00:21:18,620 --> 00:21:20,940
a little bit of that pain in their lives.

488
00:21:23,020 --> 00:21:23,860
I agree.

489
00:21:26,700 --> 00:21:31,140
If the worst part of having to move between your office

490
00:21:31,140 --> 00:21:33,260
and the exam rooms and everything

491
00:21:33,260 --> 00:21:35,780
is having to sign in every time

492
00:21:35,780 --> 00:21:38,500
and more than likely you've heard that complaint.

493
00:21:40,500 --> 00:21:43,460
This is probably not, it's already slow enough

494
00:21:43,460 --> 00:21:47,460
for why would I wanna add additional time to that process?

495
00:21:47,460 --> 00:21:49,940
It doesn't have to be in addition to that process.

496
00:21:49,940 --> 00:21:53,260
It can be a detraction from that time.

497
00:21:54,500 --> 00:21:56,700
It can be as quick as you're willing

498
00:21:56,700 --> 00:21:58,540
to look into letting it be.

499
00:22:00,100 --> 00:22:02,940
We haven't really covered many of the NFC

500
00:22:02,940 --> 00:22:05,980
or the near field communication proximity stuff.

501
00:22:05,980 --> 00:22:08,180
There are a lot of those tools as well.

502
00:22:08,180 --> 00:22:11,220
They do tend to require a little bit more on-site hardware,

503
00:22:12,340 --> 00:22:14,700
but they're becoming more and more common as well.

504
00:22:14,700 --> 00:22:17,420
Facial recognition through camera systems as well,

505
00:22:17,420 --> 00:22:21,580
the ability for them to recognize you as a first step

506
00:22:21,580 --> 00:22:22,580
so that when you do something,

507
00:22:22,580 --> 00:22:23,940
calcium through as well.

508
00:22:25,700 --> 00:22:26,540
I'll also say,

509
00:22:26,540 --> 00:22:28,820
and this is probably a paranoia thing coming through,

510
00:22:28,820 --> 00:22:31,820
but it wouldn't be a podcast with me if I didn't mention it.

511
00:22:31,820 --> 00:22:33,340
You don't have to stop at two.

512
00:22:33,340 --> 00:22:37,540
Why not try one from every section

513
00:22:37,540 --> 00:22:39,220
and then a separate one as well?

514
00:22:41,420 --> 00:22:43,420
Yes, it may increase time a little bit,

515
00:22:43,420 --> 00:22:46,380
but you're also getting that additional security.

516
00:22:49,220 --> 00:22:51,260
Again, going back to those Mission Impossible movies,

517
00:22:51,260 --> 00:22:53,140
people wanna wear masks that look like you.

518
00:22:53,140 --> 00:22:55,180
No one's gonna be doing that on a regular day.

519
00:22:55,180 --> 00:22:58,180
That's not something someone's gonna do just because.

520
00:22:58,180 --> 00:23:01,980
But hey, try and come up with a scenario

521
00:23:01,980 --> 00:23:06,460
where your system and your MFA solution will get around it.

522
00:23:06,460 --> 00:23:09,580
Maybe it'll always stop the things that you can think of.

523
00:23:11,540 --> 00:23:13,620
If streamlining the process is what's important,

524
00:23:13,620 --> 00:23:16,900
still keep that additional security in mind.

525
00:23:16,900 --> 00:23:19,780
Maybe you require just a pin code on the computer

526
00:23:19,780 --> 00:23:24,140
instead of a full password along with MFA and a fingerprint,

527
00:23:24,140 --> 00:23:28,860
along with a hardware token and a fingerprint.

528
00:23:28,860 --> 00:23:30,780
Six digits instead of 15

529
00:23:30,780 --> 00:23:32,900
when you've already got everything else in place,

530
00:23:32,900 --> 00:23:34,420
still a bit of a time saver.

531
00:23:35,580 --> 00:23:37,340
Yeah, another one that would fit really well into that

532
00:23:37,340 --> 00:23:38,900
is conditional access as well.

533
00:23:38,900 --> 00:23:41,060
And I don't know if we've ever talked about conditional access,

534
00:23:41,060 --> 00:23:42,340
but there are certain conditions

535
00:23:42,340 --> 00:23:47,340
that you can create that'll allow you to add security layers

536
00:23:47,500 --> 00:23:50,500
as well as adding while reducing the friction.

537
00:23:50,500 --> 00:23:53,380
So for example, one of the conditions may be

538
00:23:53,380 --> 00:23:55,460
the IP of where you're located

539
00:23:55,460 --> 00:23:58,180
is the building that you would typically work in.

540
00:23:58,180 --> 00:24:00,820
So if I'm working remote, Starbucks, for example,

541
00:24:00,820 --> 00:24:02,820
I'm not meeting that condition, I'm denied.

542
00:24:02,820 --> 00:24:04,340
I have to go through additional layers

543
00:24:04,340 --> 00:24:06,780
of authentication to get in.

544
00:24:06,780 --> 00:24:08,820
But that does give you those additional layers

545
00:24:08,820 --> 00:24:10,620
that Matthew was talking about.

546
00:24:10,620 --> 00:24:11,940
I also wanted to kind of swing back

547
00:24:11,940 --> 00:24:14,180
because I know I talked about the friction of,

548
00:24:14,180 --> 00:24:15,460
hey, I own my own phone,

549
00:24:15,460 --> 00:24:17,180
I'm not gonna put your tool on it.

550
00:24:19,780 --> 00:24:21,660
And so typically some of the things that you could do

551
00:24:21,660 --> 00:24:23,540
is there's a lot of different ways.

552
00:24:23,540 --> 00:24:25,140
One, you can just say we're going this direction.

553
00:24:25,140 --> 00:24:26,460
If you don't like it, we'll buy you a phone,

554
00:24:26,460 --> 00:24:27,700
which is incredibly expensive.

555
00:24:27,700 --> 00:24:29,900
I wouldn't do that, but sometimes just having

556
00:24:29,900 --> 00:24:32,500
that conversation is enough for a staff member to go,

557
00:24:32,500 --> 00:24:34,140
I'm not carrying two phones, not a chance.

558
00:24:34,140 --> 00:24:36,620
I'll put the stupid app on my phone.

559
00:24:36,620 --> 00:24:38,780
Other options are, right, so that's free.

560
00:24:38,780 --> 00:24:40,380
So that's layer one, it's just free.

561
00:24:40,380 --> 00:24:41,300
You could easily get there.

562
00:24:41,300 --> 00:24:42,780
And it really is not that convenient.

563
00:24:42,780 --> 00:24:45,180
It doesn't have access to their contacts and camera

564
00:24:45,180 --> 00:24:47,820
and blah, blah, blah, really isn't that bad.

565
00:24:47,820 --> 00:24:52,300
Number two is kind of Matthew was talking about this,

566
00:24:52,300 --> 00:24:55,140
whether you're looking at USB keys or key cards

567
00:24:55,140 --> 00:24:56,420
or something along those lines,

568
00:24:56,420 --> 00:24:57,940
those are relatively inexpensive.

569
00:24:57,940 --> 00:25:00,340
We'll use like the YubiKeys as an example,

570
00:25:00,340 --> 00:25:01,860
they're about 20 bucks.

571
00:25:01,860 --> 00:25:04,500
You can get them with the near field on them and everything.

572
00:25:04,500 --> 00:25:06,780
And so if you bought two of those for an employee,

573
00:25:06,780 --> 00:25:09,340
you're looking at 40 bucks and that's way less

574
00:25:09,340 --> 00:25:11,100
than trying to buy or pay for a phone.

575
00:25:11,100 --> 00:25:13,860
So you can get there now.

576
00:25:13,860 --> 00:25:15,900
The more friction you're removing,

577
00:25:15,900 --> 00:25:18,220
the more security you're putting in place.

578
00:25:18,220 --> 00:25:20,540
The cost will change, like Matthew said,

579
00:25:20,540 --> 00:25:23,100
there is infrastructure that may need to go in there.

580
00:25:23,100 --> 00:25:25,940
If I'm trying to go super proximity based,

581
00:25:25,940 --> 00:25:28,320
all kinds of other stuff, the cost may change.

582
00:25:28,320 --> 00:25:30,140
But again, if you start to look at,

583
00:25:30,140 --> 00:25:33,180
okay, now that I've reached these higher layers of cost,

584
00:25:33,180 --> 00:25:34,220
how am I paying for it?

585
00:25:34,220 --> 00:25:35,820
That gets into the stuff we talked about before.

586
00:25:35,820 --> 00:25:38,900
How much am I paying for somebody to plug in their password

587
00:25:38,900 --> 00:25:40,860
wrong and mess with their phone and yada, yada.

588
00:25:40,860 --> 00:25:42,780
So that's kind of the last couple of things

589
00:25:42,780 --> 00:25:44,180
that I would throw on there.

590
00:25:44,180 --> 00:25:46,700
I'll be quiet for a little bit.

591
00:25:46,700 --> 00:25:50,860
I'll add something then that's potentially

592
00:25:50,860 --> 00:25:52,180
gonna upset some people.

593
00:25:54,180 --> 00:25:55,420
Instead of coming up from the,

594
00:25:55,420 --> 00:26:00,180
speaking directly to anyone who wants to do this as I have,

595
00:26:01,180 --> 00:26:03,700
even if your organization hasn't implemented them

596
00:26:03,700 --> 00:26:06,760
across the board, you can get these types of devices

597
00:26:06,760 --> 00:26:07,600
yourself.

598
00:26:08,600 --> 00:26:11,240
CIT does have a way for me to implement mine

599
00:26:11,240 --> 00:26:13,260
and use that as part of my process

600
00:26:13,260 --> 00:26:15,340
because they planned for this

601
00:26:16,340 --> 00:26:17,860
and were very nice to let me.

602
00:26:18,900 --> 00:26:21,660
But if you're a physician or if you're a provider

603
00:26:21,660 --> 00:26:24,940
who is worried about this and maybe you're,

604
00:26:24,940 --> 00:26:27,860
if you're using Windows machines, whatever it is,

605
00:26:27,860 --> 00:26:30,660
and you have one already, maybe ask,

606
00:26:30,660 --> 00:26:33,140
maybe you can be that push to kind of implement

607
00:26:33,140 --> 00:26:34,020
that internally.

608
00:26:34,020 --> 00:26:37,820
Maybe you can have some others and discuss with them

609
00:26:37,820 --> 00:26:38,840
why it's better.

610
00:26:38,840 --> 00:26:43,840
A lot of the tools and I'll call out Windows Hello,

611
00:26:43,840 --> 00:26:48,640
like Todd did, allow you to add these YubiKeys again,

612
00:26:48,640 --> 00:26:50,680
just to call one out that I know does it,

613
00:26:50,680 --> 00:26:54,440
to a system that already exists as a type of MFA

614
00:26:55,520 --> 00:26:57,280
to secure that system better.

615
00:26:57,280 --> 00:27:02,280
So there are ways that you don't have to just accept

616
00:27:02,440 --> 00:27:04,380
what's in place with your organization,

617
00:27:04,380 --> 00:27:06,200
but please speak to your IT team

618
00:27:06,200 --> 00:27:09,680
before trying to make any changes, just speak to them first.

619
00:27:09,680 --> 00:27:12,280
But there is a potential for you to implement something

620
00:27:12,280 --> 00:27:16,320
or assist in creating a safer space for you

621
00:27:16,320 --> 00:27:18,640
within that environment.

622
00:27:18,640 --> 00:27:21,840
Something that is just unique to how you use it,

623
00:27:21,840 --> 00:27:23,800
especially if you're doing things that,

624
00:27:25,360 --> 00:27:27,320
I mean, we all do things that are important to us,

625
00:27:27,320 --> 00:27:28,600
but if you're working in a space

626
00:27:28,600 --> 00:27:30,640
where you're accessing customer data

627
00:27:30,640 --> 00:27:34,160
and you're unsure of the security of the network you're in,

628
00:27:34,160 --> 00:27:36,000
you can try and increase it yourself.

629
00:27:36,000 --> 00:27:38,080
Definitely push for the whole organization,

630
00:27:38,080 --> 00:27:40,200
but you can definitely stop that.

631
00:27:41,840 --> 00:27:43,720
Yeah, and I guess as we're probably getting close

632
00:27:43,720 --> 00:27:45,680
to the end of here, the one thing that I'll say,

633
00:27:45,680 --> 00:27:47,960
and I've said it in many, many of our podcasts,

634
00:27:47,960 --> 00:27:50,720
and I'll say it again, some of the most important

635
00:27:50,720 --> 00:27:53,120
security tools you can do is, number one,

636
00:27:53,120 --> 00:27:54,280
I would start with MFA.

637
00:27:54,280 --> 00:27:56,880
Start with MFA, start with MFA, start with MFA.

638
00:27:56,880 --> 00:27:59,920
If I had a 1A, 1B, I'd throw EDR in there,

639
00:27:59,920 --> 00:28:03,000
but we've done that podcast too.

640
00:28:03,000 --> 00:28:07,160
But it is incredibly important, it is a dramatic increase

641
00:28:07,160 --> 00:28:09,960
in security, start with MFA.

642
00:28:12,320 --> 00:28:13,160
Agreed.

643
00:28:13,160 --> 00:28:15,520
And yes, we're talking healthcare,

644
00:28:15,520 --> 00:28:18,000
but also please do it for all your banking.

645
00:28:18,000 --> 00:28:21,800
Just as a PSA for everyone, just add it to your banking.

646
00:28:22,800 --> 00:28:24,200
Or credit cards for that matter.

647
00:28:24,200 --> 00:28:25,360
Or credit cards, yeah.

648
00:28:28,120 --> 00:28:29,440
Yeah, for sure.

649
00:28:29,440 --> 00:28:34,440
And I liked Todd mentioned earlier in our chat

650
00:28:34,880 --> 00:28:39,680
our how many MFA tools do you have on your phone?

651
00:28:39,680 --> 00:28:41,560
So we'll definitely have to bring that up next time.

652
00:28:41,560 --> 00:28:44,520
I'm trying to count how many I have as we're talking,

653
00:28:44,520 --> 00:28:47,120
like so many for so many different things,

654
00:28:47,120 --> 00:28:49,440
and so many things for personal as well.

655
00:28:49,440 --> 00:28:51,880
So we're talking healthcare, we're talking business,

656
00:28:51,880 --> 00:28:55,240
we're talking banks, but just you and your day to day,

657
00:28:55,240 --> 00:28:58,720
it's probably important to look into what an MFA

658
00:28:58,720 --> 00:29:01,400
can do for you and what you can use it for.

659
00:29:02,240 --> 00:29:04,320
So thank you, thank you, Todd.

660
00:29:04,320 --> 00:29:06,400
Thank you, Matthew, for joining us today.

661
00:29:06,400 --> 00:29:09,960
If you have a question, if you'd like to learn more

662
00:29:09,960 --> 00:29:14,560
about MFA or any other topics you want us to talk about,

663
00:29:14,560 --> 00:29:18,960
reach out to us at info at cit-net.com

664
00:29:18,960 --> 00:29:23,880
or head out to our website, cit-net.com slash podcast.

665
00:29:23,880 --> 00:29:28,880
And we'll be back next week with an all new episode.

