Welcome to The CPA Journal Archives



The Author Responds

Al Alper

I agree with Mr. Rechtman that, on the surface, two-factor authentication (2FA) trends like the much-vaunted antivirus software of the ’90s and 2000s. I feel, however, that 2FA will enjoy greater staying power and a more lasting success because it creates a significant barrier to entry for hackers.

Unlike traditional anti-malware and even the latest anti-ransomware, 2FA relies on three layers of protection: a traditional login to the system, a secondary system that generates a randomized, single-use code, and human interaction to read and transcribe the code. This layered approach across disparate systems creates a substantial and significant barrier to entry for hackers, much more so than the traditional end point–based anti-malware program.

All of that said, Mr. Rechtman is correct that no system is foolproof; eventually, cybercriminals will find their way around even 2FA. Layers of protection that include anti-malware, anti-ransomware, 2FA, a firewall, and spam filtering are like locks on a front door, making it so difficult for criminals to get in that, hopefully, they move on to another target who doesn't have as many locks.

Finally, Mr. Rechtman rightly infers that an organization that is risk-aware and assumes a posture of security is the best defense against today's (and tomorrow's) cybercriminal; I couldn't agree more. Risk assessments, employee training and monitoring, and a solid incident response plan create an organization that is ever vigilant, secure and safe in the knowledge that all eyes are on the prize. The regulators would seem to agree as well, and included these as requirements in DFS 23 NYCRR 500.

Al Alper. Wilton, Conn.
