Multi-Factor Authentication: Unnecessary Annoyance or Critical Security Layer?
If you’re like most people, you don’t leave your home without locking the doors and making sure that there aren’t any windows open that would tempt a burglar looking for an easy entry. While you’re away, the security of your home isn’t topmost in your mind because you know you did what you could to keep your property and possessions safe. Now imagine that you’re storing an expensive collection of jewelry. Would you still be confident using your usual security procedure? Probably not, yet this is what you’re doing if you depend on passwords alone to keep your data and IT systems safe.
Your Data and Access to IT Systems Are Valuable
Many business executives don’t realize the value of the ordinary data that they collect and store on a daily basis. Certainly, trade secrets and intellectual property have value, but so does your customer information, and the personally identifiable information that you gather about your employees. There’s an active marketplace for data on the dark web, and every business is a target for cyber attacks.
Even your email accounts have value that you probably don’t recognize. Hackers try to get into email accounts as part of targeted phishing schemes. Once they’ve cracked a password and can closely study their target, the bad guys can gather the information they need to create and execute plans that give employees bogus instructions to divert money that will more than likely never be recovered.
Your data isn’t the only target for cyber criminals. More and more cyber attacks are initiated not to get to your data, but to get access to your customers’ networks through your network. If you’re a part of any government supply chain, you’re already seeing cyber security requirements pushed down to vendors, and one reason is to eliminate vendor networks as entry points for cyber criminals.
Passwords Are Oh So Easy to Crack
Assume that there is always some kind of automated software program, or brute force attack, trying to figure out the passwords on your online accounts, both personal and professional. Passwords aren’t really that hard to crack, especially since many people create their passwords so that they can remember them, and not to keep them safe from hackers.
Hackers can buy a subscription to a software program to crack passwords, but they have other methods that they use to bypass security. Sometimes people are manipulated into sharing a password through social engineering via an email, phone call or a pop-up message on their web browser.
Add a Layer of Security with Multi-Factor Authentication
If you can’t rely on passwords alone to keep your accounts safe, you need to add a layer of security, and that’s what multi-factor authentication is for. Also known as MFA or 2-factor authentication, this security technique adds another step to the login process for your people, which is one reason why some employees might push back when it’s required.
Multi-factor authentication relies on the combination of at least two different methods to “authenticate” that you are who you say you are when trying to log in to an account. Authentication methods include:
- Something you know such as a password or PIN.
- Something you have in your possession such as a badge or a smartphone.
- Something you are such as your fingerprint or your voice.
One of the most popular combinations of two steps is a password and a code on your smartphone. You’ve probably been asked to set this up if you have a Google or Facebook account. Multi-factor authentication isn’t limited to popular software accounts: your firewalls, filters, servers and other network equipment may also support 2-factor authentication.
How to Avoid Push Back on Multi-Factor Authentication
Often when a layer of security is added, a process is changed with an added step. People don’t like to be slowed down, but the cost of a data breach will do much more harm to your business than the effort you expend to train your employees on how to implement the added security.
The best way to get everyone on board is to first cultivate an environment of security. Starting with leadership, communicate how security is a capability that your organization needs to stay in business.
Give employees the training and the tools they need to implement the measures you’re introducing. This might require that you examine your mobile device management policy. For example, if the process requires that the employee receive a code on their personal device, then you’ll need to figure out if this is a secure solution or if you need to do something different.
Don’t Make Password Management Your Blind Spot
In order to stay secure on the internet, you need multiple layers of security. Multi-factor authentication is a security layer that businesses are choosing to implement because it means a big jump in protection against intruders compared to relying on passwords alone.
No one wants to compromise productivity, but you must ask yourself if you really want to sacrifice your security for convenience.