As cyber attacks become more and more common, protecting your data is increasingly difficult. In fact, a study from Juniper Research found that by 2023, cyber criminals are expected to steal an estimated 33 billion records.
In light of the growing number of cyber attacks, many companies are turning to multifactor authentication (MFA) to enhance their cyber security.
While no cyber security method is foolproof, using multifactor authentication can add an extra layer of security to your online accounts. So how exactly does multifactor authentication work?
What Is Multifactor Authentication?
While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multifactor authentication is key.
Multifactor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks and servers.
With multifactor authentication, it’s not enough to just have your username and password. In order to log in to an online account, you’ll need another “factor” to verify your identity. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand.
A more secure way to complete multifactor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode that is generated by an algorithm (meaning it’ll expire if you don’t use it after a certain period of time). With this method, users download an authenticator app, such as those available through Google or Microsoft, onto a trusted device. Those apps will then generate a TOTP, which users will manually enter to complete login.
What should be protected with Multifactor Authentication?
Remote Network Access: Multifactor authentication for remote network access is an important security control that can help reduce the potential for a network compromise caused by lost or stolen passwords. Without this control an intruder can gain access to a business network in a similar manner to an authorized user.
Privileged/Administrative Access: Multifactor authentication for both remote and internal access to administrative accounts helps to prevent intruders that have compromised an internal system from elevating privileges and obtaining broader access to a compromised network. This can prevent an intruder from gaining the level of access necessary to successfully deploy ransomware across the network, erase activity logs, create bogus user accounts or even turn off anti-malware protection.
Remote Access to Email: When accessing e-mail through a website or cloud-based service on non-corporate devices multifactor authentication can help reduce an intruder’s ability to gain access to a user’s corporate email account. Threat actors often use email access to perpetrate various cybercrime schemes against businesses, as well as the businesses’ clients and customers.
Why Multifactor Authentication and Password Management Is Important
As multifactor authentication becomes more popular, some states are considering requiring it for certain industries. It’s possible that as cyber security concerns continue to grow and cyber attacks become more common, other states will follow suit.
Even if it’s not legally required, ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords.
Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
For additional cyber risk management guidance and insurance solutions, contact us today.
Source: Travelers Insurance: https://www.travelers.com/about-travelers/security/travelers-information-security-practices
2Arete Presentation “Ransomware Cards” 7-31-2020