As a JumpCloud administrator, have you ever received pushback from JumpCloud support when you requested help? If so, how did you react? Were you annoyed? Were you indifferent? Or were you grateful that someone flagged the request as a possible security risk and took the time to double-check the validity of the request?
Attack vectors in IT run the gamut, but it’s notable that social engineering (SE) is a preferred route of malicious attackers. SE exploits people instead of technology; the human factor often provides a simple and effective route to bypass even strong security controls. More simply put, social engineering is someone manipulating someone else as a means to an end. Twitter recently learned the hard way that support personnel can be particularly vulnerable to social engineering, with disastrous results.
The Role of JumpCloud Support
Support’s role is to provide immediate assistance; support engineers are by nature and by training helpful, responsive, and sensitive to urgency. Bad actors exploit these traits, knowing that saying “I’m sorry, but I cannot assist you in this case” is generally not an option for support personnel.
“People affect security outcomes more than technology, policies, or processes.” — Joanna Huisman, Gartner Magic Quadrant for Security Awareness Computer-Based, July 18, 2019
That pushback you may have experienced from a JumpCloud Support Engineer? That’s one methodology our support team uses to reduce vulnerability and help protect you while still providing world-class support.
In “The Art of Deception,” well-known social engineer Kevin Mitnick suggests the following three-step process to verify a request:
- Verify that the person is who they claim
- Verify that the person is a current employee or has a need-to-know relationship with the company
- Verify that the person is authorized to make the request
In other words, aren’t you glad we asked? We truly don’t want to make it harder for you to receive support, and we understand the extra work that you may have to put in to verify your identity. We appreciate it and hope that it ultimately helps you feel safer when you work with JumpCloud.
Other Strategies to Reduce Attack Vectors
There are many ways organizations can reduce attack surfaces — not just ones related to SE. Among them are training, best practices, and of course, JumpCloud!
JumpCloud is a comprehensive cloud directory platform you can use to manage and secure user identities, access, and devices — as well as enforce security policies for your users like complex passwords and multi-factor authentication (MFA) at access points.
At JumpCloud, we also work hard to create a safer identity for our customers. You can find a full description of the measures we take on our security page, where we discuss:
- Independent assessments and audits
- Secure communication
- Infrastructure security
- Vulnerability disclosure
Learn More & Next Steps
If you’re not already a JumpCloud customer, you can set up a JumpCloud Free account for unrestricted access to the platform. Create and manage up to 10 users and 10 systems free forever to evaluate whether JumpCloud is right for your organization. Plus, you’ll get 10 days of in-app chat support with real platform experts to help you get the most out of your account.