Ensuring your business is safe is becoming increasingly difficult and at times challenging, especially with many
businesses having their employees work from home and in the office. Here you will find out how you can ensure the
safety of your users can be resolved securely and compliantly, while saving on time and budgets, keep reading to find
What is Multi Factor Authentication (MFA)?
MFA (multi-factor authentication) is an authentication method where the user is required to use two or more factors
of verification to obtain access to the resources, which can be in the form of applications, online accounts, or VPN.
MFA is a key component of a strong IAM (Identity and Access Management) policy.
There are three types of MFA –
- Knowledge – (something you know) – Passwords, pins, code words, answers to questions
- Possession – (something you have) – Keys, smart cards, token devices, one-time passwords
- Inherence – (something you are) – Fingerprints, palm scanning, iris scanning, voice recognition
Multi factor authentication works by needing a further verification of information, otherwise known as factors. Onetime passwords (OTP) are one of the more commonly used MFA factors, generally they are 4–8-digit codes which are obtained as emails, messages or at times through an app.
MFA is now widely used across so many industries, especially those who hold large amounts confidential information, some of the industries include Finance, Healthcare, Law enforcement, Defence, Government, eCommerce and even on Social Media.
Top 5 reasons to have MFA enabled:
Reason 1 – identify theft is the fastest growing crime
Identity theft, a term which is so commonly used with the increase in cyber attacks leaving many users having their information stolen. There are various ways in which hackers can obtain personal and sensitive information for example, data breaches, unsecure browsing, malware activity, mail and credit card theft, Wi-Fi hacking and many more.
Reason 2 – Allows employees to have remote access
With many people now working either from home, in the office or even both – the need to implement MFA has increased, especially with the increase in the use of VPN’s (Virtual Private Networks). The issue stems from this as there is a lack of security when accessing VPN’s, making them an easy target for hackers. A simple solution to this issue is to enable an MFA when accessing a VPN. This protects employees who are working from home or in the office, leaving them protected from all sides.
Reason 3 – Protection
Using MFA protects against cyber criminals, with the use of an additional layer of information, as mentioned this can be in the form of knowledge, possession or inherence. The list below outlines and explains how cyber attackers use some of the most commonly used and unfortunately successful techniques, which can result in a potential breach.
- Phishing – The attackers use a generic list of emails and phone numbers sending emails and messages, which most of the time tend to include a web link requiring a payment to be made, quarantined emails, voicemails or a transaction needing to be verified.
- Spear phishing – This technique is more thought out with targets being smaller groups, with more believable and thought-out messages, at times they are also personalised to fit the target/s.
- Credential stuffing – There are many people who use the same usernames and passwords for almost all their accounts, leaving those people vulnerable and leaving an open window for hackers to use that information on as many sites as possible with the aim of obtaining sensitive information.
Reason 4 – Improve Security
Using a multifactor authentication improves security for the user. Even if a hacker were to gain access to the username and password it would not be enough as an authenticator would be required. Having an MFA can also be regarded as an alert system, warning users of a breach attempt.
Reason 5 – It Is Important
It is important to remember that MFA can protect not only a single employee but the entire business, without MFA a hacker could gain access to the sensitive materials through a single user. Having MFA enabled protects users and reduces phishing scams and brute force attacks which in return also reduces the chance of the business being put at risk. An example of this would be Microsoft recently introducing a compulsory MFA in Office 365, for specific organisations and partner accounts.
MFA plays an important role in any cybersecurity protection plan, protecting everything from online accounts, personal information, company data and more, as they are at a continued risk of being attacked due to the sensitivity of the information which is now held online.
Clear Thinking can provide staff training courses on MFA, Cyber Security and much more or if you simply want more information on MFA and how you can enable it, please get in touch with the Clear Thinking team who will be happy to help.