MFA Explained: What It Is – Why You Need It
Would hearing news about break-ins and burglaries in your neighborhood cause you to check your window and door locks to see if you were doing what was needed to secure your house? You bet it would! You’d make sure that the dead bolt was being used in addition to the doorknob lock, and you’d confirm with your whole family that they knew what to do when they’re home and when they leave the house.
You should have the same concern for the internet neighborhood where your organization communicates and conducts business, because it’s getting more dangerous all the time. Occasionally a big data breach will hit the national news, but you don’t hear of all the cyber break-ins because there are just too many to report. Right now is definitely the time to add another layer of security with Multi-Factor Authentication (MFA) and engage a cyber “dead bolt” on all your corporate accounts.
MFA Adds a Layer of Security to Your Accounts
Multi-Factor Authentication is a software tool that makes it harder for cyber criminals to get to your data and network with stolen login information. It makes identity management a lot more secure by adding a second step that happens in real time after submitting a username and password. Here’s how it works.
Imagine that a hacker gets the username and password to one of your accounts. It could be your email, your line of business software or some other software you use. As the hacker attempts to log in, an app on your phone gives you a notification that this is happening. You know it’s not you, so you don’t approve the entry and your account stays in your own hands.
According to the Verizon 2020 Data Breach Report, 37% of successful data breaches used stolen credentials to get to their target. When you consider all cyber attacks, including the incidents that didn’t end up in a full-blown data breach, that number is even higher. What’s more, the report says that cyber criminals increase their chance of success when ransomware is combined with stolen credentials, and Password Dumper, a type of malware that is used to obtain credentials, tops the list of popular malware in the cyber criminal world.
How Do Hackers Get Account Credentials?
The bad guys have many different tactics for stealing account credentials. Software and social engineering are used, alone or together, to trick people or find vulnerabilities that make it easy to get into employee accounts unnoticed. These tactics include:
- Phishing – Fraudulent emails that entice the recipient to click a link or open an attachment that dumps malware on the victim’s device.
- Malware – Keylogger programs that search for password data in web browsers and capture the user’s actual keystrokes on their device.
- Brute Force Attacks – Automated actions that attempt to reuse credentials that were previously exposed in a data breach.
- Dictionary Attacks – Automated actions that use memorable phrases and lists of common passwords.
- Shoulder Surfing – Capturing login information by looking over someone’s shoulder, or via cameras.
These are just a few of the methods that cyber criminals are using to get to the keys to your data and networks through your company accounts. Convinced now that you need the additional layer of security that MFA provides?
Getting Started with MFA
Consult your IT provider for a recommendation on which MFA solution works best for your company. They have already vetted the different options that are on the market and can guide you to what will work best for you.
While all MFA solutions require a second step to access accounts, the method for that step might be different, and within a platform there can be different choices. For example, you may receive and respond to a:
- Call on your cell phone
- Text to your cell phone
- Call to your office phone
- Notification in an app
- One-time code in an app
- Biometric input such as a fingerprint
When you introduce MFA to your people, the way you frame it matters. Some people may be reluctant or even angry that you’re making things harder for them. Explain the risks that your organization faces each day from a rising tide of cyber crime. Discuss the potential impact that a successful attack would have on your company, starting with lost time and frustration all the way to possible business failure.
If you haven’t already, implement ongoing cyber security awareness training. This will not only help your people learn how to recognize and respond to a cyber intrusion, but it will also keep security top of mind.
How’s Your Cybersecurity Peace of Mind?
While it’s true that cyber risks increase every day, that doesn’t mean you have to lose sleep about it. If you’re not confident that your IT provider has all the security bases covered, it’s time to look at your options. Contact us for a free security consultation.