The single most impactful change you can make to improve your cyber security is to adopt multi factor authentication (MFA). If you haven’t made the change for your business yet, here’s another compelling reason: Some cyber security insurance companies require it.
There’s a good reason why insurance companies like Travelers are now requiring that companies use multi factor authentication (and more are likely to follow their lead). A whopping 99.9 percent of account compromise cyber attacks can be blocked by MFA. And 94 percent of ransomware victims investigated did not use MFA, according to Travelers!
We’ve heard many reasons why businesses are reluctant to switch to MFA but the impact of using it is undeniably worth it in the long run. It might feel like a big change, but before long it will feel like second nature.
Remember when your parents (or grandparents) got their first smartphones? Sure it was awkward at first, but now they’re addicted to Audible and have more Spotify playlists than your teens. Rolling out MFA in your organization is a bit like that. It takes some getting used to, but isn’t nearly as difficult or scary as you first think.
Multi Factor Authentication (MFA) Explained
The phrase is easier to understand if you break the words down. Multi means two or more. Authentication means proving you are who you say you are. Factor is the part that trips people up. In this case, it just means a way that you can identify yourself. Factors are more secure when they include:
- Something only you know, such as a strong password or phrase.
- Something you physically have in your possession, such as a security key or smartphone.
- Something that can absolutely identify you (e.g., your fingerprint or retina scan).
Multi-factor authentication is a way to prove you have the right to sign into whatever account or program you need to access. Even though you might have a very strong password, even a computer-generated one, it’s simply not enough—definitely not as effective as combining that with another factor.
MFA Encases Your Data in a Cocoon of Protection
Clever cyber criminals use many ways to gain access to your data, including tricking employees, compromising your firewalls, launching malware and other ways to steal credentials. Often, people make it all too easy for criminals by using the same passwords on many different accounts or easy ones that include personal information (e.g., date of birth) or sharing them with others.
MFA blocks the entry points, giving you an additional layer of security. Even if criminals have the login credentials, they won’t be able to get in without passing that second authentication.
The recent shift to remote work has made MFA even more important. Many of your staff might not be working just a desk away from you. They’re somewhere else, using their personal devices to access your business networks.
Protect All User Access With MFA
Your summer interns should not have the same access to your network as your CEO, but they should have the same protections. Multi factor authentication works best when it is layered with other security measures, such as role and permission settings that only give people access to the areas of the network they need.
For your administrators who have access to everything? They need to have the strongest passwords AND change them frequently. MFA should be required for everyone: CEOs, interns, staff, vendors … anyone who needs access to your system.
Use Multi Factor Authentication (MFA) in 3 Steps
Here is what using MFA typically involves:
- Set up MFA. If you provide sensitive information to anyone or any business (banks, medical, even retail) make sure they have multi factor authentication. (Look under the privacy setting or contact their support if you can’t locate it.) Set up your MFA as directed on the site.
- Receive a prompt to authenticate. When you log in with your username and password, you will be prompted to provide additional verification, usually a six-digit code. There are several ways to get that code based on how your MFA is set up. You might need to open an app on your phone or read it from your token device.
- Enter your authentication code. Once the code is entered, you’re in. Often there’s a checkbox asking you if you want the device to “remember” the computer or device you are using. If you select this you won’t be prompted to authenticate as often from a trusted device. But NEVER check this box if you are on a public device (or even using unprotected Wi-Fi).
Various Methods of Getting the MFA Code
There are several different ways to receive the multi factor authentication code. Which options are available varies by the platform or app.
- Authentication by app. MFA by app is the most secure, but not always an option. It requires you to open an authenticator app on your device to retrieve the code. You set up that Authenticator App when you set up your MFA for the account (step 1 earlier). There are many reputable apps for you to choose from, including Microsoft Authenticator and Google Authenticator.
- Authentication by text. More commonly available and therefore used by many, but not as secure as using an app. NOTE that an MFA text message WILL INCLUDE the code, not ask you to click a link to get it. Texts can be faked, just like emails, so never click unless you are sure.
- Authentication by push notification. Using push notification is not as good simply because there are too many different ways this can work and it’s too easy to click by mistake. Still, it is better than using nothing at all if this is the only option available.
- NOT SAFE, DO NOT USE: Authentication by email or phone call. These two methods are no longer considered safe. Cyber criminals commonly trick people into providing access to their accounts by faking emails and phone calls. So as we said, don’t use them.
Again, using an authenticator app is simply the most secure form of multi factor authentication. Unfortunately it is not available on every platform or site. Choosing to authenticate by text should be your next choice. It is widely available and more secure than push notifications. However, more and more companies are making different MFA methods available, so check your options again from time to time and move to a more secure option as soon as it is available.
You don’t have to make the move to multi factor authentication alone. We’ve helped many Miami businesses through this transition. If you’d like to discuss MFA or any IT support needs, contact us or book a meeting, virtual or in person. We would be happy to help.