How can you better protect your organization’s sensitive information and your users’ personal data? Deciding where to focus your information security efforts for the most protection and the best return on investment can be a challenge. Multi-factor authentication is an excellent place to start, and here’s why.
More than 60% of phishing messages (in which a bad actor sends a fraudulent email or SMS message to capture a user’s password) in 2020 were aimed at harvesting Office 365 credentials, and 90% of successful cyberattacks start in email. These figures show the need to prioritize authentication so that bad actors don’t get access to your systems.
Such data is especially relevant when we consider that the average cost to organizations reporting data breaches is $4.24 million. Furthermore, it takes an average of 200 days before most organizations even know they’ve been breached. Multi-factor authentication is a low-cost, highly effective way to help ensure that your employees’ login information stays secure.
Multi-factor authentication is a method of verifying users’ identities before granting them access to a system. As the name implies, multi-factor authentication uses two or more different factors to verify a user’s identity before allowing them access to a given system, location, or account. These factors can include:
Why implement multi-factor authentication?
If people can gain access to your systems with a password alone, you are highly susceptible to common cyberattacks. Too many users also reuse their passwords across multiple logins. However, when you implement multi-factor authentication, a password is only one of multiple components needed to gain access. With multi-factor authentication, you have built-in barriers to entry that require relatively little investment of time and resources. Further, multi-factor authentication is often a requirement to purchase cyber liability insurance.
Which systems should you prioritize for multi-factor authentication?
Not all systems require multi-factor authentication. Here are our recommendations for top priorities:
Common multi-factor authentication implementations
As we mentioned earlier, multi-factor authentication comes in various forms. Some of the most secure implementations include mobile applications, electronic key fobs, biometrics, and secure RFID cards. With a mobile app like Microsoft Authenticator, Google Authenticator, Duo, or Authy, users can generate a single-use password or code every time they log in. And they must have access to their mobile device to do it, which combines something they have with something they know for increased security.
Electronic key fobs and secure cards give users physical access to your premises, and you can combine them (something they have) with passwords and other factors to create a more secure login experience. A biometric reader also eliminates the risk associated with lost keycards or key fobs.
Authentication factors that are moderately secure include automated verification phone calls and texts. These can be intercepted, but they’re better than nothing. The worst security factor is probably email: anyone who gains access to a user’s email account (such as by acquiring their password in a phishing campaign) can use that account to reset passwords and breach your systems.
In conclusion: Protect your systems with multi-factor authentication
Implementing multi-factor authentication is one of the most cost-efficient methods to protect your organization against cyberattacks. Even if you require users to update their passwords regularly, those passwords may already be compromised and available on the dark web. Adding layers of authentication reduces your risk and could save you millions of dollars in the long term.
As you review your current authentication policies and the options available for multi-factor authentication, consider whether you’re getting the most security for your authentication efforts. If your organization does not have multi-factor authentication for access to sensitive information, or if you have questions about improving your cybersecurity, fill out the form below to reach out to us today.