Multi-Factor Authentication: It’s Time to Get Serious Folks

with No Comments

Categories: Security



Although the exact evolution of Multi-Factor Authentication (MFA) is a subject for debate, one aspect of it is not. All businesses should be using MFA, and by not doing so, they are putting their data and their companies at risk. Despite the popularity of passwords, they are not enough, period. End of story.

Over the past decade, billions of people have fallen prey to cybercriminals who stole their credentials from corporate databases that were hacked. Companies and their personnel need to take responsibility for information security into their own hands, and one of best places to start is implementing MFA.

So grave has the danger become, in fact, that many insurers are refusing to provide cybersecurity insurance to companies that do not mandate MFA in their operations. (Not familiar with cybersecurity insurance? We can help there, too.)

What Qualifies as MFA?

MFA requires a user to provide multiple credentials (factors) to validate his or her identity. The factors are typically a combination of three things:

  • Something you KNOW that is not common knowledge like your mother’s maiden name, or a complex password
  • Something you HAVE, such as a cell phone, key card, secured app, or USB drive
  • Something you ARE, such as your voice or your fingerprint

Within these guidelines, organizations and their users have considerable latitude, provided they ensure that at least 2 of these credentials is being used.

The Why and Where of MFA

It may seem like a no-brainer to implement MFA, but companies often experience user hesitancy, or even rejection. It can be inconvenient to use, and it requires personnel to memorize information, such as what they selected for their “item you know.” Nevertheless, the alternative is unthinkable, and it is important for business owners to stress that point.

From a security perspective, most insurance carriers now recommend firms have three MFA controls in place:

  • MFA for remote networks
  • MFA for administrative access
  • MFA for remote access to email

These key areas are a good start, but depending upon a firm’s level of exposure and any compliance mandates to which they are subject, it may not be enough.

Here’s the good news. Per a Microsoft study, MFA can block over 99.9% of account compromise attacks. That’s a number we can get behind.

Still on the Fence About MFA? Read This.

Per Bloomberg News, use of multi-factor authentication might have been able to prevent the ransomware attack that shut down the Colonial Pipeline. If you still aren’t sure, are uncertain where to start, or just need information to help you make the best decision, we invite you to call us. Let’s work together to ensure your business pipeline isn’t endangered.

We’ll help you explore MFA — which is also a key component of Carmichael Consulting’s 15-point security plan. To schedule a complimentary consultation, call 678-719-9671 Option 2 or email sales@carmichaelconsulting.net.