• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

Jumio next-generation of digital ID verification.
  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

Audit Reveals Poor Remote Security Practices at the IRS

August 20, 2020

A new audit has revealed that the Internal Revenue Service (IRS) did not properly authenticate tens of thousands of devices that accessed the organization’s internal network. Those connections were wireless or made through a Virtual Private Network.    

Audit Reveals Poor Remote Security Practices at the IRS

The audit was carried out by the Inspector General for the Treasury Department. It found that the overwhelming majority (92 percent) of wireless connections were not properly vetted, and another 3 percent were only verified with a password instead of a more secure form of certification. The numbers were even worse for Virtual Private Networks, with none of the 26,237 VPN connections getting the appropriate clearance. 

As the report points out, each incident represents a potentially critical security gap, especially given the sensitive nature of the information on the IRS database.

“Without properly authenticating all devices, the IRS does not have adequate controls to ensure that only authorized devices are allowed access to its internal network and taxpayer data may be at risk,” reads the report.

The numbers were pulled from one day of activity on the agency’s Identity Services Engine, which recorded more than 104,000 wired connections and more than 31,000 wireless ones. According to the audit, the majority of the wired connections were verified with certificate-based authentication.

To address the problem, the Inspector General advised the IRS to implement certificate-based authentication for all devices and connections, and to phase out legacy devices that rely on the weaker Media Access Control Authentication Bypass system. It also warned that the agency needs to modify its Unified Access project to adhere to Enterprise Life Cycle methodology.

For its part, the IRS accepted the Inspector General’s recommendations, and indicated that it will be ready to certify wireless connections in February. However, the agency will need more funding to protect VPNs. It will not be able to ensure VPN security until February of 22, and that is assuming the IRS receives adequate financial support.

The report highlights some of the security issues that have emerged as remote activity has increased during the COVID-19 pandemic. The market for identity verification technology is expected to skyrocket in the next few years, largely because organizations like the IRS will need to take extra precautions to make remote connections as safe as those in the office.

Source: Nextgov

Filed Under: Industry NewsTagged With: cyber threats, cybersecurity, digital security, government cybersecurity, government reports, Internal Revenue Service, IRS, online security, Virtual Private Networks, VPNs

Related News & Articles

Deutsche Telekom Signs On for OT-Morpho eSIM Solution

Nuance Provides Ambient Clinical Intelligence for Monument Health

IDEX Receives First Order for Biometric Payment Card Tech

Primary Sidebar

Premier Partners

Read the Latest Year in Review Analysis:

FacePhi Selphi

Tweets

FacePhi Selphi

Sponsored Links

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi's product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/
Aware Knomi

Events

View All Events

IDEMIA big box

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives

Follow Us

Copyright © 2021 MobileIDWorld