• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

Audit Reveals Poor Remote Security Practices at the IRS

August 20, 2020

A new audit has revealed that the Internal Revenue Service (IRS) did not properly authenticate tens of thousands of devices that accessed the organization’s internal network. Those connections were wireless or made through a Virtual Private Network.    

Audit Reveals Poor Remote Security Practices at the IRS

The audit was carried out by the Inspector General for the Treasury Department. It found that the overwhelming majority (92 percent) of wireless connections were not properly vetted, and another 3 percent were only verified with a password instead of a more secure form of certification. The numbers were even worse for Virtual Private Networks, with none of the 26,237 VPN connections getting the appropriate clearance. 

As the report points out, each incident represents a potentially critical security gap, especially given the sensitive nature of the information on the IRS database.

“Without properly authenticating all devices, the IRS does not have adequate controls to ensure that only authorized devices are allowed access to its internal network and taxpayer data may be at risk,” reads the report.

The numbers were pulled from one day of activity on the agency’s Identity Services Engine, which recorded more than 104,000 wired connections and more than 31,000 wireless ones. According to the audit, the majority of the wired connections were verified with certificate-based authentication.

To address the problem, the Inspector General advised the IRS to implement certificate-based authentication for all devices and connections, and to phase out legacy devices that rely on the weaker Media Access Control Authentication Bypass system. It also warned that the agency needs to modify its Unified Access project to adhere to Enterprise Life Cycle methodology.

For its part, the IRS accepted the Inspector General’s recommendations, and indicated that it will be ready to certify wireless connections in February. However, the agency will need more funding to protect VPNs. It will not be able to ensure VPN security until February of 22, and that is assuming the IRS receives adequate financial support.

The report highlights some of the security issues that have emerged as remote activity has increased during the COVID-19 pandemic. The market for identity verification technology is expected to skyrocket in the next few years, largely because organizations like the IRS will need to take extra precautions to make remote connections as safe as those in the office.

Source: Nextgov

Filed Under: Industry News Tagged With: cyber threats, cybersecurity, digital security, government cybersecurity, government reports, Internal Revenue Service, IRS, online security, Virtual Private Networks, VPNs

Related News & Articles

Facial Recognition Gives Art History Academic New Architectural Insights

NXP Releases Two More MCUs for IoT Devices

Securiti.ai Announces $50 Million in Series B Funding

Primary Sidebar

Register For the Next Virtual Identity Summit

Register now!

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Thai Authorities Approve Mobile ID for Airport Boarding
  • New Yoti Solution Ties Biometrics to e-Signatures
  • Kenya’s New President Pushes for Digital ID By Year’s End
  • MDL, Digital ID Gain Momentum in State Efforts
  • Brazil-based Selfie Onboarding Startup Reports 250% Sales Jump, Global Expansion

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld