Multifactor authentication: Why you need it now

Jun 02, 2020

The alarming rise in the number of data breaches — 7.9 billion records were exposed in 2019 — has increased the urgency to fortify data defenses. Equally important, more than half of U.S. jobs can be done at least partially, if not completely, remotely. As convenient as remote work is, insecure implementations of the technologies that make it happen can expose your business network to attacks from the internet.

No matter the size of your business, you need to ensure that only authorized associates access sensitive data. Multifactor authentication is the single most effective technique to make it more difficult for attackers to break into your network.

Multifactor authentication

Multifactor authentication uses at least two different verification methods when logging onto a system: something you know and something you have. For example, you know your password and you have a randomly assigned access code. Originally, your users needed a hardware fob to supply the access code, but the proliferation of smartphones and wireless data has allowed developers to get away from hardware tokens and move to app-based equivalents.

In some multifactor implementations, an institution such as a bank might send a one-time code (which is really just another password) to your phone. The bank has taken some initial steps to verify that your phone is yours. Since you have it, this establishes the second factor. Other multifactor authentication technologies require you to download an app and verify your identity through other channels before giving you an access code.

The costs of skipping multifactor authentication

Businesses that don’t build multifactor authentication into their security protocols risk two types of attacks: password spraying and credential stuffing.

A cybercriminal using password spraying tries various common permutations and combinations of passwords — combinations of season and year and exclamation marks are common — at intervals slow enough to avoid locking out a bunch of users. All it takes is one correctly guessed password for hackers to get a foothold into the system.
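As an added illustration (not part of the original article), the Python sketch below shows why a per-account lockout counter misses the slow spraying described above, while counting distinct accounts per source catches it. The log format, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source IP> <username> <OK|FAIL>".
# 203.0.113.7 makes one guess per account, ten minutes apart;
# 198.51.100.20 is one user mistyping a password twice before logging in.
SAMPLE_LOG = """\
2020-06-01T09:00:00 203.0.113.7 alice FAIL
2020-06-01T09:03:10 198.51.100.20 dave FAIL
2020-06-01T09:03:25 198.51.100.20 dave FAIL
2020-06-01T09:03:50 198.51.100.20 dave OK
2020-06-01T09:10:00 203.0.113.7 bob FAIL
2020-06-01T09:20:00 203.0.113.7 carol FAIL
2020-06-01T09:30:00 203.0.113.7 dave FAIL
2020-06-01T09:40:00 203.0.113.7 erin FAIL
2020-06-01T09:50:00 203.0.113.7 frank OK
"""

def parse(log):
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(ts), ip, user, res == "OK")
                  for ts, ip, user, res in rows)

def locked_out(events, threshold=5, window=timedelta(minutes=15)):
    """Accounts that a per-account lockout rule (assumed thresholds) would trip."""
    fails, hit = defaultdict(list), set()
    for ts, _ip, user, ok in events:
        if not ok:
            fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
            if len(fails[user]) >= threshold:
                hit.add(user)
    return hit

def spray_sources(events, min_accounts=5, window=timedelta(hours=1)):
    """Sources whose failures span min_accounts distinct accounts within window,
    mapped to the accounts they logged in to afterwards (review these first)."""
    fails, flagged = defaultdict(list), {}
    for ts, ip, user, ok in events:
        if ok:
            if ip in flagged:
                flagged[ip].add(user)
            continue
        fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= window] + [(ts, user)]
        if len({u for _t, u in fails[ip]}) >= min_accounts:
            flagged.setdefault(ip, set())
    return flagged

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("locked out:", locked_out(ev), "| spray sources:", spray_sources(ev))
```

On the sample, no account ever locks out, yet the per-source view flags the spraying address and the one account it reached; that account is the case a second factor is meant to stop.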

Credential stuffing involves reusing usernames and passwords that have already been stolen from a given website and “stuffing” those same credentials into other sites to gain access to more sensitive systems such as your VPN connections. Unfortunately, if your employees have poor password hygiene and reuse the same password for multiple accounts, all it takes is one match and an attacker could gain access to your network.

Why you need multifactor authentication

Associates logging in to your network through VPN or Citrix or a partner extranet make an attractive target for attackers trying to break into your network. It’s why you need multifactor authentication. 

MFA prevents all automated bots and shields against 66% of targeted attacks, according to Google. Such impressive statistics can’t be discounted, and MFA creates a critical layer in your cyber defense strategies. 

Multifactor authentication is important not just for external-facing networks. Consider multifactor authentication for highly sensitive internal data systems as well. As your business grows, so does your base of associates. You need to segment systems and information access across departments. Compensation information, for example, should not be visible to any associates outside human resources. Intellectual property that can be critical to the future of your business should also be carefully controlled. Multifactor authentication is a hack-resistant and sensible way to restrict access to your valuable business assets.

With the rise of remote work and multiple access points to your business network, multifactor authentication is a wise security practice. As we have seen, when it comes to preventing data breaches, the stronger the armor and the greater the number of layers, the better.

Author(s)

Tom Wojcinski, CISA, CRISC
Director