Multi-factor authentication is a method of authenticating users on an information system and requires them to go through multiple steps to access that information system. Commonly, this is accomplished through a combination of a username and password, followed by a requirement for the user to prove his or her identity again through a notification sent to his or her mobile device or by inputting an additional code.
Why is MFA important?
Often, MFA is the first and best defense against a cyberattack. In 2019, Microsoft estimated that 99.9% of cyberattacks can be blocked by MFA.
Best practices
Update outdated systems. Often, outdated systems—referred to as legacy systems—do not support MFA. To prevent cyberattacks, businesses should update any outdated systems. Updates should be implemented with direct oversight and with a plan in place that will eliminate security gaps. Avoid self-set-up updates that require each individual user to set up MFA credentials.
Use MFA for all applications. MFAs should be utilized for all applications that permit a user to access a business’s information system. For example, a business may utilize a Virtual Private Network service that requires the use of MFA, but requires only single-factor authentication for an email application. Keeping an inventory of Information Technology assets will help a business with this. A business should review its inventory routinely to ensure all relevant applications require MFA.
Third-party users. It is not only a company’s employees who may have access to a business’s information system. Third parties—such as payroll or human resources companies—also may have access to a business’s information system. MFAs should be required for all users to have access to a business-information system, including any third party that may have access to that system.
Testing. Once a business has implemented a complete and effective MFA process, it should test that process routinely. MFA testing should be incorporated into IT audits, penetration tests and vulnerability scans of a business’s larger information system.
Cyberattacks can cause costly damages—and you don’t want to find out after a cyberattack that you’re not covered. To review your policies and to make sure your business is protected, give your professional independent agent a call today.
Jaye Czupryna is publications manager for PIA Northeast and editor-in-chief of PIA Magazine. She started her career in public relations, and she has been with PIA for more than 20 years. She has overseen PIA Northeast’s various publications, including the award-winning magazine since 2009. Jaye graduated cum laude from Siena College where she earned her Bachelor of Arts Degree in English Communications.