An explanation of multi-factor authentication

November 28, 2022

Multi-factor authentication (MFA) is a method of authenticating users on an information system that requires them to go through multiple steps to access that system. Commonly, this is accomplished through a combination of a username and password, followed by a requirement for the user to prove his or her identity again through a notification sent to his or her mobile device or by inputting an additional code.

Why is MFA important? 

Often, MFA is the first and best defense against a cyberattack. In 2019, Microsoft estimated that 99.9% of cyberattacks can be blocked by MFA. 

Best practices 

Update outdated systems. Often, outdated systems—referred to as legacy systems—do not support MFA. To prevent cyberattacks, businesses should update any outdated systems. Updates should be implemented with direct oversight and with a plan in place that will eliminate security gaps. Avoid self-set-up updates that require each individual user to set up MFA credentials. 

Use MFA for all applications. MFA should be used for every application that permits a user to access a business’s information system. A common gap: a business may use a Virtual Private Network service that requires MFA, yet require only single-factor authentication for an email application. Keeping an inventory of information technology assets will help a business with this. A business should review its inventory routinely to ensure all relevant applications require MFA.

Third-party users. A company’s employees are not the only ones who may have access to a business’s information system. Third parties—such as payroll or human resources companies—also may have access to it. MFA should be required for every user who has access to a business’s information system, including any third party that may have access to that system.

Testing. Once a business has implemented a complete and effective MFA process, it should test that process routinely. MFA testing should be incorporated into IT audits, penetration tests and vulnerability scans of a business’s larger information system.  

Cyberattacks can cause costly damages—and you don’t want to find out after a cyberattack that you’re not covered. To review your policies and to make sure your business is protected, give your professional independent agent a call today.

About the author…

Jaye Czupryna

Jaye Czupryna is member information manager for PIA Northeast and editor-in-chief of PIA Magazine. She started her career in public relations, and she has been with PIA for 20 years. She has overseen PIA Northeast’s various publications, including the award-winning magazine, since 2009. Jaye graduated cum laude from Siena College, where she earned her Bachelor of Arts degree in English Communications.
