SEC is in trouble for not following a Tech Talk Commandment

We follow the commandments so we don't end up in front of Congress.

MajorLinux - Editor-in-chief

For those who watch or listen to Tech Talk Thursdays, we have some unwritten commandments about how to be safe on the internet. My favorite one is use multi-factor authentication (MFA) when at all possible. It’s why hearing that Authy was discontinuing their desktop app made me a little sad. But what makes me fearful of the future is when federal agencies are doing it. This is why the SEC is in the hot seat.

The Securities and Exchange Commission (SEC) was recently hacked on Twitter. When the account was compromised, it started sharing news about bitcoin ETFs being approved. While it apparently was going to happen, no news was officially shared at that time. This caused the price of bitcoin to bump up a bit. However, a day later, the SEC did approve 11 ETFs noting that “bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity.”

The hack itself raised some questions. When US Senators started looking into it, Twitter was quick to speak up. The social media company immediately pointed out that the SEC was not securing its account with multi-factor authentication. Senator Ron Wyden, in his letter to the SEC, said that it was “inexcusable” for the SEC to not have locked the account down more.

Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices. Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity. The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure.”

Senator Ron Wyden in letter to SEC

So, while I don’t know anything about bitcoin ETFs, what I do know is that using MFA will cover your ass in situations like this. It may be a nuisance, especially when sharing the account on a team, but consider the alternative.

It could land you in a congressional hearing.

Source: Engadget

Share This Article
By MajorLinux Editor-in-chief
Marcus Summers is a Linux system administrator by trade. He has been working with Linux for nearly 15 years and has become a fan of open source ideals. He self identifies as a socialist and believes that the world's information should be free for all.

Leave a Reply

Your email address will not be published. Required fields are marked *