Local and state governments are increasingly targeted by cyberattacks across a multitude of platforms and through a variety of methods which is why COLOTRUST continually works to enhance the tools that support its Participants in keeping their assets safe. Over the coming weeks, COLOTRUST will be implementing a few enhancements designed to assist your local government in protecting its account(s).

Mid-November Security Enhancement: Multifactor Authentication (MFA)

 New Enhancement Summary:

Beginning in the middle of November, Participants will be required to authenticate their log-in through MFA every twenty-four hours versus the current seven-day requirement. MFA verification is only required once per day if logging in on the same browser but will be required again if a different browser (or device) is chosen for login.

Effective November 11, 2023, MFA codes will no longer be sent via email. After this date, when logging in to the COLOTRUST Participant Portal, you will be prompted to select your MFA code to be sent either via text message to your mobile device or via an automated voice call to a direct phone number we have on file for you; in addition, MFA codes will be required once per day, per recognized user device.

New Enhancement Reason:

Local governments nationwide are being increasingly targeted by cyberattacks. Cybercriminals attempt to infiltrate local government systems through email to obtain sensitive information they can later exploit to gain access to financial accounts or data. Here’s why local governments are paying so much attention to business email compromise (BEC):

1. Financial Loss: BEC scams often aim to deceive employees into making unauthorized wire transfers or payments, resulting in substantial financial losses for organizations.
2. Data Breaches: In some cases, BEC attacks can lead to the exposure of sensitive information or the compromise of confidential data.
3. Reputation Damage: Falling victim to a BEC attack can damage an entity’s reputation and erode trust with customers, partners, and stakeholders.
4. Regulatory Consequences: Depending on your location and industry, data breaches resulting from BEC attacks may lead to legal and regulatory consequences, including fines.
5. Operational Disruption: Dealing with the aftermath of a BEC attack can disrupt your business operations, diverting resources from your core activities.

New Enhancement Benefits:

Enhanced Multifactor Authentication (MFA) for your account is a good practice for several reasons:

1. MFA adds an extra layer of security beyond a password, making it significantly harder for unauthorized users to access your account and only you should have access to MFA codes, even if your inbox were to become compromised.
2. Protection from Password Theft: Even if someone obtains your password, they would still need the second factor (e.g., a code from your phone or a phone call) to gain access, reducing the risk of unauthorized access.
3. Reduced Risk of Phishing: MFA helps protect you from phishing attacks, as the attacker would need more than just your password to access your account.
4. Alerts for Suspicious Activity: The enhanced MFA methods will assist in providing real-time alerts for account activity as text messages and phone calls are received even faster than email. If you didn’t initiate a login, you can take immediate action.

December Security Enhancement: Personal Identification Number (PIN)

New Enhancement Summary:

Before the end of the year, we will implement a caller verification process that provides our Client Services Team with the tools necessary to authenticate Participants when they call our call center.

In December, Participants will be required to set a unique, five-digit PIN during their first successful portal login. Going forward, your unique PIN will serve as a verbal verification each time you call the Client Service Team.

New Enhancement Reason:

Unique, individual Participant PINs will be implemented as a part of our platform-wide cybersecurity enhancement and program initiative focused on enhanced safety.

This feature is designed to assist Participants in protecting their unique access to their accounts and account data. PINs are a valuable tool for verifying the identity of callers or users and can play a role in safeguarding access to accounts, services, and sensitive information.

New Enhancement Benefits:

Using a Personal Identification Number (PIN) for caller verification offers several benefits:

1. Enhanced Security: PINs add an extra layer of security to verify the identity of the caller, making it harder for unauthorized individuals to impersonate someone else.
2. Privacy Protection: PINs can help protect sensitive information or services by ensuring that only authorized users have access to them.
3. Reduced Fraud: PINs can deter fraudulent activities, such as unauthorized access to accounts or services, by requiring knowledge of the secret PIN.
4. User Authentication: PINs provide a simple yet effective way to confirm that the person calling or accessing a service is indeed a legitimate user.
5. Quick Verification: PINs are a quick and effective way to verify a user’s identity for easy access to services.

We anticipate that these improvements will continue to assist our Participants in keeping their assets safe and accessible when needed. Public Trust will continue to monitor ways to enhance these efforts and will communicate insights as they evolve.

As always, please contact us with any questions you may have.