
Ask Jack: Can An Image Deliver Malware?

Is it possible to deliver malware through an image? Jack provides the answer.

Ask Jack: What Is The Real Risk For Small- And Medium-Sized Businesses After A Cyber Attack?

Jack McCalmon, Esq. details the mindset small- and medium-sized employers should have when addressing cyber breach risk, and the end results of a breach.

Ask Jack: If I Purchase Macs, Do I Really Lower My Cyber Exposure?

An employer asks Jack McCalmon, Esq. if macOS will lower cyber exposures.

Emotet Malware Makes A Comeback: What Is It And What Prevention Steps Can Employers Take?

Cybersecurity experts notice a significant increase in cybercriminals using this malware to attack networks. What can you do to help prevent it?

Facial Recognition Faces Challenges Even Though Passwords Still Present Security Risks

The General Services Administration (GSA), which oversees federal offices and technology, has decided that facial recognition technology will not be used on its secure log-in service.

The GSA's log-in service already provides sign-in services to 200 websites run by 28 federal agencies and has been used by more than 40 million people. This position differs from that of the Internal Revenue Service and other federal agencies that sought to require Americans to consent to facial recognition to sign on to government websites.

The GSA says the face-scanning technology has too many problems to justify its use as an identity verification service. The director of the GSA's Technology Transformation Services has stated that the GSA "is committed to not deploying facial recognition … or any other emerging technology for use with government benefits and services until a rigorous review has given us confidence that we can do so equitably and without causing harm to vulnerable populations."

The Treasury Department last year awarded a two-year, $86 million contract to a private contractor that would require taxpayers to send in video scans of their face before they can verify their identities and access their tax records online. The plan was scheduled to go into effect this summer. The GSA's site was built and is operated by government employees to accomplish the same tasks by relying on more traditional methods of identity verification, such as scanning government records and credit reports.

However, the IRS announced it has abandoned that plan after news of the contract stirred up a controversy because facial recognition systems are unregulated in the United States and have been shown in federal tests to work less accurately for people with darker skin. Members of Congress and privacy advocates also voiced concern that the systems could undermine Americans' privacy rights or unfairly disadvantage people without access to a smartphone, laptop camera, or the Internet. "Huge government agencies clash over imposing facial recognition" (Feb. 07, 2022).


Leadership’s decision to oversee the hardening of a company’s cyber defenses can be informed by the pros and cons of using facial recognition illustrated by the contrasting positions taken by the IRS and the GSA.

Federal guidelines published in 2017 by the Commerce Department’s National Institute of Standards and Technology urged agencies to follow identity-verification standards, known as “Identity Assurance Level 2,” that include collecting a person’s facial image, fingerprint, or other “biometric sample,” either in-person or remotely, to help stop fraud.

Over 40 percent of IT leaders estimate that they could reduce their risk of breach by almost half simply by eliminating passwords. Nearly every security leader (86 percent) would do away with passwords if they could. Almost three-in-four (72 percent) are actively looking to replace passwords. However, until passwords are replaced by other means of access, such as digital devices, security keys, or Bluetooth, USB, or NFC devices that authenticate a login, passwords are here to stay.

Cybersecurity experts recommend organizations integrate a two-factor authentication system or require a password manager. Neither requires employees to recall complex strings of characters, and both better protect data. Moreover, biometric devices go beyond fingerprint readers. They can include retina and iris scanners, handprint patterns, DNA fingerprints or DNA matching, deep tissue illumination, keystroke or typing pattern, ear shape, gait, odor, signature recognition, typing recognition, and vein recognition.
