Back to Basics: Multi-factor Authentication

It has never been more important for cybersecurity to be a company priority then right now. The average cost of an U.S. data breach is $7.91M (whereas the global cost of a data breach is $3.86M). Companies need to be investing in the proper steps to minimize the risk of an attack or else… There are basic cybersecurity practices that businesses can utilize; one critical action companies can take is to implement multi-factor authentication.

 

What is multi-factor authentication?

Multi-factor authentication (MFA) is an additional security feature used when logging into an account. MFA’s require two or more pieces of credentials. The credentials may include a combination of:

Something you know: a username or password

Something you have: a USB hardware token, or mobile device

Something you are: fingerprint, retinal scan, facial recognition

The goal of MFA is to make it harder for a cybercriminal to access the account and information.

 

Why should a company use MFA?

Timehop, an app that pulls a user’s past social media content, suffered a breach. There was access to4.7 million phone numbers, usernames and email addresses. The reason the hackers were able to gain access? There was no multi-factor authentication in place for the cloud computing account. The only thing the hacker needed was the password.

 

The goal of an MFA is to protect data and information. The first line of defense for securing information is a password. Adding MFA protects that line of defense if a cybercriminal is able to get passed. According to a survey, weak or stolen user credentials are a hackers’ weapon of choice. As a result, those stolen credentials are then used in 95 percent of Web application attacks. For that reason, it is critical to protect credentials to limit the number of access points.

 

Implementing MFA

The first step of implementing MFA should be to complete a risk assessment. A risk assessment will help prioritize sensitive information. The recommendation is to add MFA to all systems with sensitive information.

 

After deciding to put MFA in place, it is critical to create a communication plan to inform employees. In the past, companies have found that 63% of employees will resist MFA. It is important to explain the associated risks of not using MFA and outline the steps they need to take.  Once in place and the cultural shift has taken place, your organizational security will exponentially increase.

 

Want to know more about how MFA can help your organization? Reach out and one of our security experts will be there to help!