MFA is one of the most effective tools for minimizing cyber risk. Learn how it works, along with some of our recommendations.
With cyberattacks on the rise among small and midsized businesses, there is a renewed sense of urgency about how to best deal with this complicated challenge. Among cybersecurity professionals, this conversation usually starts with password policies.
Passwords are a poor security tool, for a variety of reasons. First, creating strong passwords is difficult; even leading security experts debate publicly about what "strong" means. In addition, good password policy requires that each user have a unique password for every service or device, meaning the average person could be managing up to 191 of them. Naturally, your staff might try to write some of those passwords down to help remember them, but they shouldn't do that either.
So, what are staff members and business owners supposed to do? Most technologists and cybersecurity professionals will tell you to start using multi-factor authentication (MFA).
What Exactly is Multi-Factor Authentication?
Multi-factor authentication secures your network by requiring that each user present several pieces of evidence before logging into your systems. In most scenarios, MFA systems will require two of the following forms of proof:
- Knowledge Factor – This is usually a password, but it could also be a passphrase or a PIN.
- Possession Factor – This is something the user has, such as a cell phone, a smart card, or a security dongle. The MFA system may ask for a simple verification of ownership (clicking “OK”), or send a time-based one-time password (TOTP) to the device.
- Inherence Factor – A fingerprint, facial biometrics, or a voice-controlled lock, which provides the highest level of security.
Using two authentication factors is enough to secure the systems at most businesses. However, high-security systems in regulated industries, like the banking or financial services fields, may benefit from implementing a third factor to protect their most sensitive data.
MFA is highly configurable. Do you have salespeople who spend a lot of time outside the office? Because those employees are at a higher risk of having a device stolen or compromised by a fraudulent Wi-Fi hotspot, you might want to implement MFA on inbound network connections. Similarly, MFA can be configured to secure connections from only a specific geographic region, if that’s what best suits your organization.
Is MFA That Much Better Than Simple Passwords?
Yes. Requiring more than one method of user authentication provides a range of concrete benefits. Experts at Symantec, for example, have concluded that multi-factor authentication could prevent as many as 80% of all data breaches. Similar research from Google demonstrates that MFA could stop 100% of automated email attacks, 99% of bulk phishing attacks, and 66% of targeted attacks. Those are just a few of the notable statistics that demonstrate the benefits of MFA. Very few security controls offer that kind of immediate impact.
Because it works so well, MFA is strongly embraced by organizations that have regulatory compliance requirements. It may even be an obligation, in some cases. Since PCI-DSS version 3.2 went into effect in early 2018, businesses that accept credit cards have been required to secure administrator access to cardholder data environments (CDE) with MFA. Similar standards exist for financial institutions subject to NY-DFS.
MFA also features prominently in the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a Federal Government resource that organizations across all industries use to reduce security risk.
How Do I Implement Multi-Factor Authentication?
There are many pitfalls to avoid when implementing multi-factor authentication. First are the technical challenges associated with configuring MFA correctly for your network services. You also need to educate your team on MFA and make sure the new interface is easy for them to use. If the solution is buggy or illogical, you may end up harming morale and productivity as much as increasing security.
It’s also important to pick a trusted MFA provider, like Duo Security, which offers reliable service and the tools to help make your implementation a success. Duo provides a user-friendly app that allows both Android and Apple users to authenticate themselves in a wide range of business applications, such as Slack, WordPress, and Amazon Web Services (AWS). It also gives administrators a central dashboard to track user activity and view security logs.
To ensure the success of your MFA deployment, the process should always start with a thorough analysis of your network, including network access and endpoints, cloud services, Active Directory, and managed services. You may also want to start with a limited MFA roll-out, giving your IT team the opportunity to test employee reaction and address issues before they affect your whole organization.
Techmedics Brings Clarity to MFA Deployment
Does your organization want to achieve better cybersecurity? For over 20 years, the Techmedics team has provided friendly, reliable IT and technology services. Our cybersecurity team is happy to learn more about your business and help you deploy a multi-factor authentication solution that meets your needs and goals.
We’re always available to answer your questions at 877-832-4611, or you can reach us through the contact form below. We look forward to speaking with you!