Skip to main content

Trucell Announced as Preferred Reseller of LG Diagnostic Displays in Australia

By Diagnostic Monitors, Healthcare & Medical No Comments

Trucell Pty Ltd, a leading provider of medical imaging solutions in Australia, is proud to announce that it has been selected by LG Electronics as one of its two preferred resellers for LG Diagnostic Displays in Australia. This partnership underscores Trucell’s commitment to providing the highest quality medical imaging technology to healthcare providers across the country.

LG Electronics, a global leader in electronics and technology, has recognised Trucell’s dedication to excellence and customer service in the medical imaging sector. This partnership will allow Trucell to offer LG’s state-of-the-art diagnostic displays, known for their exceptional clarity, precision, and reliability, to a wider range of healthcare providers.

LG Diagnostic Displays are designed to meet the demanding needs of today’s healthcare industry. They offer superior image quality, ensuring accurate diagnoses and patient treatment. With this partnership, Trucell will be able to provide these cutting-edge displays to hospitals, clinics, and medical centres across Australia.

About Trucell Pty Ltd

Trucell is a leading provider of medical imaging solutions in Australia. With a focus on innovation and customer service, Trucell offers a wide range of products and services designed to meet the needs of healthcare providers. Trucell is committed to providing the highest quality technology to help healthcare providers deliver the best possible patient care.

About LG Electronics, Inc.

LG Electronics, Inc. is a global leader in technology and consumer electronics. LG’s vision is to deliver innovative digital products and services that make life better, easier and more comfortable for consumers. The company is known for its high-quality products, innovative technology, and commitment to social responsibility.

View our range of monitors.

For more information, please visit www.trucell.com.au and select contact us.

Trucell Joins HP Amplify Program to Drive Partner Growth and Deliver Exceptional Customer Experiences

By HP No Comments
HP Amplify Membership Certificate

We are pleased to announce that Trucell has joined the HP Amplify Program as a member, part of a unique global channel partner program designed to foster dynamic partner growth and deliver a consistent end-customer experience. . HP Amplify provides partners like Trucell with the insight, skills and collaboration tools to drive growth and thrive in today’s competitive marketplace.


At Trucell, we strive to provide superior services and solutions to our customers, and your membership in HP Amplify is a testament to that goal. By joining the program, you will enjoy many benefits and connect with your customers on a deeper level.

One of the key benefits of being a member of HP Amplify is access to HP’s extensive resources and expertise. This program provides insights and analysis that enable us to better understand our clients’ needs and preferences and provide customized solutions that meet their evolving requirements. HP Amplify’s collaboration tools also allow you to connect with others, share best practices, and collaborate on innovative ideas that drive business growth.

In addition to these benefits, HP Amplify also offers a strong go-to-market, making it easier for you to connect with your customers and deliver the solutions they need. This means we can be more flexible to meet our customers’ needs and offer superior service that sets us apart from our competitors.
We are excited about this new partnership with HP Amplify and believe it will bring even greater value to our customers. As we continue to reinvent the way we do business, we strive to provide innovative solutions that meet our customers’ evolving needs.

In summary, Trucell joining her HP Amplify program is an exciting development that reflects our commitment to driving partner growth and delivering a superior customer experience. We are delighted to be part of this innovative program and look forward to working with others to drive business growth and success.

Ensuring Accurate Medical Image Representation And Patient Safety

By Diagnostic Monitors, Radiology No Comments

DICOM Compliance: Monitoring the Monitors

DICOM compliance for diagnostic monitors is often overlooked until something goes wrong. Regular DICOM compliance testing is of utmost importance to ensure that medical imaging displays deliver high-quality results with accurate diagnoses.

Displaying a compliance check for a recent DICOM Compliance Check.

Diagnostic imaging technologies are built to provide accurate and detailed images of the human body. The images created by this technology must be displayed accurately on a monitor in order to properly diagnose a patient. This is where DICOM comes into play. It stands for Digital Imaging and Communication in Medicine, and it is an international standard used by medical professionals to ensure that digital imaging equipment is compliant with the necessary quality controls.

Unfortunately, many healthcare facilities overlook the need to test their monitors for DICOM compliance regularly. Without routine tests, any display errors or inaccuracies can lead to misdiagnoses, incorrect treatments, and even wrongfully administered drugs or surgery. Moreover, these problems may not become apparent until it’s too late; if a monitor has been displaying inaccurate images without anyone noticing, then there could be serious consequences for patients’ health down the line.

As such, all healthcare facilities should take proactive steps to ensure their diagnostic monitors are in compliance with DICOM standards. A professional should be consulted to carry out regular inspections of hardware and software components as well as comprehensive testing of the viewing environment itself: lighting levels, seating position relative to the screen brightness, monitor calibration parameters etc.. All these elements can have an effect on how accurately images are displayed on the monitor — so they must be checked frequently!

At the end of the day, ensuring your diagnostic monitors are compliant with DICOM standards is essential for guaranteeing patient safety and protecting against malpractice claims — not just now but long into the future as well. Don’t let negligence catch up with you; make sure you’re taking every step necessary to keep your patients safe!

Non-Diagnostic Quality Monitors

Non-diagnostic quality monitors are not suitable for viewing radiology exams for a number of reasons. The most important factor is that these displays lack the design features necessary to accurately display medical images. Non-diagnostic quality monitors may have lower resolution, slower refresh rates, and poorer colour accuracy than those designed specifically for medical imaging. They also lack features such as backlight uniformity and gamma correction, which are essential to ensure accurate image representation and reliable diagnoses.

The accuracy of the displayed image is not the only factor to consider — non-diagnostic quality monitors may also have less robust construction, low-reliability ratings, or short lifespans. In addition, many diagnostic radiologists prefer higher-end displays with more advanced features such as automatic calibration, adjustable white point settings, and multiple preset modes. These more specialized screens can provide an enhanced experience for both healthcare professionals and patients alike.

Moreover, non-diagnostic quality monitors are not designed to be used in a medical setting and cannot stand up to the rigours of a clinical environment. For example, they may not be made from materials that can withstand regular exposure to cleaning agents or disinfectants; this means that any dirt or debris that accumulates on the monitor’s surface may not be easily removed without damaging it further. Furthermore, non-diagnostic quality monitors tend to have shorter warranties than those designed specifically for medical use — meaning any failure could leave users high and dry when they need it most!

Finally, using non-diagnostic quality monitors in a clinical setting is strongly discouraged by professional organizations such as the American College of Radiology (ACR) and or The Royal Australian and New Zealand College of Radiology (RANZCR). This is because these types of displays do not meet the requirements necessary to ensure patient safety — leading to potential misdiagnoses and other mistakes due to inaccurate representations of medical images.

In summary, it’s clear that non-diagnostic quality monitors should never be used for viewing radiology exams — due to their inability to accurately display medical images with sufficient fidelity; their lack of features necessary for reliable diagnoses; their potentially weaker construction; shorter lifespans; and lower warranty coverage compared with professional-grade medical imaging displays.

Browse our range of Diagnostic Displays.

At Trucell, we understand that patient safety and quality of care should be a top priority for any healthcare provider. That’s why we offer a comprehensive DICOM compliance check for diagnostic monitors — to ensure patients are receiving the highest quality imaging available. Our team of experienced technicians can provide professional inspections, tests, and assessments of hardware.

Insider Threats

Insider Threats Are Getting More Dangerous! Here’s How to Stop Them

By Cybersecurity No Comments

One of the most difficult types of attacks to detect are those performed by insiders. An “insider” would be anyone that has legitimate access to your company network and data. This would be via a login or other authorized connection.

Because insiders have authorized system access, they bypass certain security defenses. Such as those designed to keep intruders out. Since a logged-in user isn’t seen as an intruder, those security protections aren’t triggered.

There are three troubling statistics from a recent report by Ponemon Institute They illustrate the importance of addressing this threat. Insider attacks are getting worse, taking longer to detect and becoming more extensive. The report found that over the last two years:

  • Insider attacks have increased by 44%
  • It takes organizations 85 days to contain an insider threat, compared to 77 days in 2020.
  • The average cost of addressing insider threats has risen by 34%

It’s important for companies to understand what makes up an insider threat. That’s the first step towards mitigation.

4 Types of Insider Threats

One reason that insider threats can be hard to detect is that there is not just one kind. Employees, vendors, and hackers can all perpetrate insider security breaches. To further complicate detection, some may be malicious and others accidental.

Here are the four main types of insider threats faced by company networks.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Malicious/Disgruntled Employee

A sales employee that is leaving the company may decide to take all their contacts with them. This is a malicious theft of company data.

Another example of this type of insider attack is a disgruntled employee. They may be upset with their manager who just fired them and decide to do the business harm. They could plant ransomware or make a deal with a hacker to give over their login credentials for cash.

Careless/Negligent Employee

Some insider threats are due to lazy or untrained employees. They don’t mean to cause a data breach. But may accidentally share classified data on a nonsecure platform. Or they may use a friend’s computer to access their business apps. Being completely unaware of the security consequences.

3rd Party with Access to Your Systems

Outsiders with access to your network are also a very real concern. Contractors, freelancers, and vendors can all constitute an insider breach risk.

You need to ensure that these third parties are fully reviewed. Do this before you give them system access. You should also allow your IT partner to review them for any data security concerns.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Hacker That Compromises a Password

Compromised login credentials are one of the most dangerous types of insider threats.

This has now become the #1 driver of data breaches around the world.

When a cybercriminal can access an employee’s login, that criminal becomes an “insider.” Your computer system reads them as legitimate user.

Ways to Mitigate Insider Threats

Insider threats can be difficult to detect after the fact. But if you put mitigation measures in place you can stop them in their tracks. Being proactive keeps you from suffering a costly incident. One that you may not know about for months.

Here are some of the best tactics for reducing insider threat risk.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Thorough Background Checks

When hiring new employees make sure you do a thorough background check. Malicious insiders will typically have red flags in their work history. You want to do the same with any vendors or contractors that will have access to your systems.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Endpoint Device Solutions

Mobile devices now make up about 60% of the endpoints in a company. But many businesses aren’t using a solution to manage device access to resources.

Put an endpoint management solution in place to monitor device access. You can also use this to safelist devices and block unauthorized devices by default

Multi-factor Authentication & Password Security

One of the best ways to fight credential theft is through multi-factor authentication. Hackers have a hard time getting past the 2nd factor. They rarely have access to a person’s mobile device or FIDO security key.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Couple this with password security. This includes things like:

  • Requiring strong passwords in your cloud apps
  • Using a business password manager
  • Requiring unique passwords for all logins

Employee Data Security Training

Training can help you mitigate the risk of a breach through carelessness. Train employees on proper data handling and security policies governing sensitive information.

Network Monitoring

Once someone has user access to your system, how can you catch them doing something wrong? You do this through intelligent network monitoring.

Use AI-enabled threat monitoring. This allows you to detect strange behaviors as soon as they happen. For example, someone downloading a large number of files. Or someone logging in from outside the country.

Need Help Putting a Stop to Insider Attacks?

A layered security solution can help you mitigate all four types of insider threats. We can help you with a robust yet affordable solution. Contact us today for a free consultation.

Microsoft Viva sales

Everything You Need to Know About Microsoft Viva Sales

By Microsoft No Comments

Data entry is a real drag for salespeople. The time they spend on administrative tasks is time away from customer interactions. But data matters — it’s important to capture orders, quotes, needs, and more from your customers.

Lead and sales reporting help sales managers know where to direct their attention. Analytics also help drive more efficient ways of closing the deal.

Microsoft is taking up the mantle of this challenge by launching a new digital experience for sales teams. Microsoft Viva Sales application is part of Microsoft’s “Viva” line which includes things like Viva Insights for improved staff wellbeing, as well as Viva Learning for staff development.

The Viva apps are designed to make your life easier, by eliminating the most tedious tasks. They integrate natively with MS Teams and Microsoft 365 so you can automate processes that would otherwise take up too much of your time.

Viva Sales is a CRM (customer relationship management) app that can help sales teams stay organized and efficient. We’ll go through some FAQs about the program, its features as well as when you can get it.

What Is Microsoft Viva Sales?

Viva Sales is an application that will provide sales and lead insights. These data points are populated throughout Office 365, and Microsoft Teams— the focus of this app lies in cutting unnecessary manual entry for sellers so they can spend more time selling their product or service instead.

How Does Viva Sales Work? Is It a CRM?

Though it might seem like a replacement for your CRM, Viva Sales is NOT going to replace your normal CRM platform. Viva Sales is actually an app that connects to other sales-related apps and leverages data from those connections. This means you can spend less time sorting through paperwork by making use of all the information in one place!

Salespeople spend approximately 34% of their time on administrative tasks.

Viva Sales Basics

Some of the core advantages of Viva Sales are:

  • Eliminate forms: Data entry for sales professionals is greatly reduced, which frees them up to do more customer relationship building.
  •  Data Leveraging: Viva Sales is a powerful tool that integrates with multiple platforms. This integration allows salespeople to cross-reference data points and gain valuable insights, all within one platform!
  • AI-Driven Help: Salespeople will get AI-driven prompts. These recommendations and reminders assist them in the sales process along with the lead.

Interconnected Interface

All of the M365 applications include sales-specific data from Microsoft Viva Sales. Salespeople have access to necessary customer information wherever they are. Including, when using a Microsoft or non-Microsoft CRM or Outlook Calendar.

Image courtesy of Microsoft

Viva Sales Features

Tag to Capture Sales Interactions

Using someone’s “@name” to get their attention is referred to as tagging. Many cloud-based apps use this common software integration.  It’s also used within Microsoft 365.

Salespeople can use this tagging feature. They can use it to gather data for a prospect or customer from another M365 application. This involves adding a person by applying a tag for their Viva Sales name to a list of clients. The system will record the lead’s or customer’s contextual information.

Collaborate

With Viva Sales, working with your team on a sales prospect or customer is now simpler than ever. To copy and paste information into a message, you don’t need to look it up. Utilize the tagging feature to quickly populate lead information from Viva Sales.

Image courtesy of Microsoft

Also, opening or editing a lead or customer record is simple. There’s no need to find and launch another app. The process uses the fewest clicks possible to get you where you need to go.

Call Summaries & Integrated Data

Lack of understanding is one thing that both customers and salespeople hate. Suppose a salesman is unaware of a recent customer interaction.

This may occur when business communications systems isolate data from various sources. For instance, having a customer’s website chat session in one location and the messages from their phone call in another.

All of this client engagement data is compiled into a single view by Viva Sales. The salesperson can view call summary and record call action items.

Download & Customize

Salespeople that prefer an Excel view of their contact list is available in Viva Sales. You can also download lead and customer lists and customize the application per the organization’s needs.

When Will Viva Sales Be Available?

There is no specific debut date yet, but you can be sure that we will keep an eye on this as Microsoft has stated that Viva Sales would “come in Q4 2022.”

In the meantime, you can watch a video explaining the application on Microsoft’s site here.

Take Advantage of Microsoft Viva Automation

Microsoft created the Viva family of productivity-focused digital experience apps. These apps facilitate information discovery, foster a sense of community, and boost productivity for workers.

Microsoft created the Viva family of productivity-focused digital experience apps. These apps facilitate information discovery, foster a sense of community, and boost productivity for workers.

The ideal moment to explore those that have already launched and prepare for Viva Sales is right now.
For a free consultation on how to enhance your team’s digital experience, contact us right away.

Checklist For Better Digital Offboarding Of Employees

Checklist For Better Digital Offboarding Of Employees

By Cybersecurity No Comments

The departure of an employee leaves behind a trail that can be used by hackers to steal company data. In order for businesses to protect themselves, Digital Offboarding must happen before they leave the workplace so as not give up any advantages over potential competitors or informers within your organization who may have had access while working there.

When an employee leaves a company, there is a process that needs to happen. This is the process of “decoupling” the employee from the company’s technology assets. This digital offboarding is vital to cybersecurity.

Checklist For Better Digital Offboarding Of Employees
[Pixabay]

It is crucial to secure your company’s data. 20% of surveyed businesses have experienced a breach from former employees and it can have serious consequences for you as well!

The digital offboarding process is a critical step in reducing risk for former staff members. This checklist will help you cover all your bases and protect company data from potential hackers.

Your Digital Offboarding Checklist

Knowledge Transfer

Vast corporate knowledge can disappear when a person leaves an organization. It’s important to capture this during a digital offboarding process. 

Checklist For Better Digital Offboarding Of Employees

[Pixabay]

This could be something as simple as what social media app someone used for company posts. Or it may be productivity leveraging. Such as the best way to enter the sales data into the CRM.

You must make sure to do a knowledge download with an employee during the exit interview. Better yet, have all staff regularly document procedures and workflows. This makes the knowledge available if the employee is ever not there to perform those tasks. 

Address Social Media Connections to the Company

It may be time to address any social media connections of the former employee. Was their personal Facebook account used in connection with your company’s page? Do they post on LinkedIn too, or other sites where you have an official presence as a business figure?

Identify All Apps & Logins the Person Has Been Using for Work

In today’s world of Bring Your Own Device (BYOD), there are many ways employees can use their own devices for work purposes. As you might expect, this opens up new security risks that must be mitigated before they become problems.

If you don’t already have a list of all the apps and website logins that an employee uses for work, make sure your HR or IT department document these. You may also want to explore ways in which these can be addressed – either by changing their login credentials on certain applications if it’s necessary (or) exporting data from them before closing them down completely so no more information gets lost than necessary.

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Change Email Password

When an employee leaves, their account should be closed and the password changed. This will prevent them from accessing company information or emailing as a former representative of your business —which could cause major problems if they have access to customer data.

Change Employee Passwords for Cloud Business Apps

The best way to protect your company data is by changing all other app passwords. People often access business apps on personal devices, so just because they can’t log in anymore doesn’t mean you should let them remain active with old accounts.

In order to simplify the process of changing passwords, you can use a single sign-on solution. This will lock them out regardless if they’re using an app or browser on their phone – just one click and it’s all done!

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Recover Any Company Devices

Make sure you recover any company-owned devices from the employee’s home. Remote employees are often issued equipment to use, so it is important for a manager or IT team member assigned as their “contact person” in order manage these items properly when they leave your company.

Do this as soon as possible to avoid loss of the equipment. Once people no longer work for a company, they may sell, give away, or trash devices.

Recover Data on Employee Personal Devices

When companies offer Bring Your Own Device (BYOD) policies, they save money by cutting down on expensive hardware costs. The downside is that it can be more difficult to offboard these devices.

Companies need to make sure that all company data is backed up on any device they use. If you don’t already have a backup policy in place, now would be an excellent time create one!

Transfer Data Ownership & Close Employee Accounts

Closing old employee cloud accounts is a great way to save money and keep your company safe. Imagine if you had left that unused account open for six months before realizing something was wrong? The criminal could’ve hacked into their data as soon as they gained access, stealing all sorts of information about clients or even committing crimes with it.

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Revoke Access by Employee’s Devices to Your Apps and Network

By using an endpoint device management system, you can easily revoke any employee’s devices from a list of approved devices. Remove the former employee’s device from any approved device list in your system.

Change Any Building Digital Passcodes

Be sure to change any physical access codes for the building, such as digital gate or door passcodes so the person can no longer gain access.

Need Help Reducing Offboarding Security Risk?

The process of addressing digital offboarding becomes easier and less risky when you take proactive measures. Contact us today for a free consultation to enhance your cybersecurity.

Trucell Customer Portal – Track Existing Tickets

By Uncategorized No Comments

There are a few things that end users can do to help ensure that their tickets are resolved in a timely manner. First and foremost, they should review the status and notes of their ticket on a regular basis. Additionally, following up with customer service via the portal can help keep everyone on track. By keeping tabs on their tickets, end users can help ensure that their problems are resolved as quickly as possible.

To gain access to your existing tickets please

  1. Open web browser and navigate to https://psa.trucell.com.au/portal
  2. Sign in to the customer portal.
  3. On the Dashboard please select My Tickets.
    My Tickets
  4. You will now be presented with My Tickets
    My Open Tickets

To view Closed Tickets, Awaiting Input

  1. Navigate to My Tickets from the Portal Dashboard.
  2. In the top left corner of the My Tickets page there is drop down.
  3. Select the desired dropdown option
    Select the Desired Dropdown

 

Trucell Customer Portal – Open New Ticket Request

By Trucell Research No Comments

Please see the following for instructions on how to open a ticket

If you are having trouble with your account or need technical support, please open a ticket by visiting the Trucell Customer Portal or emailing us at [email protected]. Be sure to include as much detail as possible, including your name, company name, and contact information. We will respond to your request as soon as possible.

For billing inquiries, please open a ticket by emailing us at [email protected]. Include your name, company name, and contact information in the email, and we will get back to you as soon as possible.

How to open a ticket via the Trucell Customer Portal.

If you need to open a service ticket, the easiest way is to visit our customer portal at https://psa.trucell.com.au/portal/. You will need to sign in to access the portal. Once you are signed in, you will have the option to open a new ticket.

There are several types of tickets that can be opened on the customer portal. To open a new ticket, click on the “New Ticket” button and fill out the required fields. The first field is the ticket type, which will determine what kind of issue you are having. We explain the issues below.

Incident

An incident is defined as any unplanned interruption or reduction in the quality of an IT Service. The incident management process is responsible for managing the lifecycle of all incidents. This includes ensuring that all incidents are recorded, monitored, and escalated through to resolution/restoration.

Example:

  • A user cannot login to their account
  • An application is not responding
  • A server is down

Problem

A problem is defined as the root cause of one or more incidents. The problem management process is responsible for managing the lifecycle of all problems. This includes ensuring that all problems are recorded, monitored, and resolved in a timely manner.

Examples of problems:

  • A user cannot login to their account because the password is incorrect
  • An application is not responding because the server it is hosted on is down
  • A server is down because the power supply is not working

Change Request

A Change Request is a formal proposal to modify or improve some aspect of the system. The Change Control Board (CCB) must review and approve all change requests before they can be implemented.

Examples of change requests:

  • Change the password policy for all users
  • Add a new user to the system
  • Install a new application on the server

Project

A Project is a ticket that represents a body of work to be completed. Projects can be large or small and may have sub-tasks associated with them. Projects are typically assigned to a project manager who is responsible for seeing the project through to completion.

Examples of project tickets:

  • Design and deploy a new network
  • Implement a new CRM system
  • Migrate the website to a new server

Task

A task is a ticket that represents a smaller body of work that is part of a larger project. Tasks are typically assigned to an individual who is responsible for completing the task.

Examples of task tickets:

  • Configure the new server for the website migration
  • Install the new CRM software on the server
  • Setup routing and firewall rules for the new network

Ticket Fields

The remaining fields, summary, details, urgency and impact are required fields and detail should be provided to the best of your knowledge. The more information you can provide, the easier it will be for our engineers to resolve your issue.

Once you have submitted the ticket, you will receive a confirmation email with your ticket number. You can use this ticket number to track the status of your ticket and add additional comments.

If you need help with your ticket or would like to join one of our support packages, please visit our customer portal at https://psa.trucell.com.au/portal/.

Registration, Log In, Keyboard, Hand, Write

Which Form of MFA Is the Most Secure? Which Is the Most Convenient?

By Cybersecurity No Comments

Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.

With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.

Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.

How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).

It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What Are the Three Main Methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same. There are key differences that make some more secure than others and some more convenient.

Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user.

The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered. 

On-device Prompt in an App

Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at login, but rather than receiving the code via SMS, it’s received through the app.

This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.

Security Key

The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Now, let’s look at the differences between these three methods.

Most Convenient Form of MFA?

Users can often feel that MFA is slowing them down. This can be worse if they need to learn a new app or try to remember a tiny security key (what if they lose that key?).

This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.

If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based MFA.

Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

Most Secure Form of MFA?

If your company handles sensitive data in a cloud platform, such as your online accounting solution, then it may be in your best interest to go for security.

The most secure form of MFA is the security key.

The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.

A Google study looked at the effectiveness of these three methods of MFA at blocking three different types of attacks. The security key was the most secure overall.

Percentage of attacks blocked:

  • SMS-based: between 76 – 100% 
  • On-device app prompt: between 90 – 100%
  • Security key: 100% for all three attack types

What’s in Between?

So, where does the app with an on-device prompt fit in? Right in between the other two MFA methods.

Using an MFA application that delivers the code via push notification is more secure than the SMS-based MFA. It’s also more convenient than needing to carry around a separate security key that could quickly become lost or misplaced.

Looking for Help Setting Up MFA at Your Company?

Multi-factor authentication is a “must-have” solution in today’s threat climate. Let’s discuss your barrier points and come up with a solution together to keep your cloud environment better secured.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.