With 80% of hacking-related breaches caused by weak or stolen passwords*, multi-factor authentication (MFA) is now a critical step to safeguarding your accounts and systems. But what is MFA, how does it work, and does your business really need it?
MFA is the process of identifying and validating a user by requiring two or more authentication steps at the point of login.
The basic elements of MFA are:
Arguably the most important – and easiest – security measure you can implement to help protect your business, we’ve put together the five top reasons why you need to enable MFA today.
With 93% of successful security breaches started with a phishing email, and over 90% due to internal vulnerabilities or human error**, passwords are one of our biggest vulnerabilities.
Hackers are continually developing more intelligent and harder-to-spot methods of stealing credentials and gaining access to our accounts. Whether it’s a compelling email that requests your details to verify a transaction, or a fake website that asks for your username and password, the threat of phishing attacks continues to rise.
MFA adds an additional layer to the login process, strengthening security and increasing your protection from such threats. Unless the hacker has the additional factor required, their attempts to access an account would be unsuccessful.
With an increasing number of employees now working away from the office on a regular basis, the risk of an outsider gaining access to a private network is heightened.
A Conditional Access policy adds the capability to evaluate whether certain security conditions are complied with – for example, whether the geolocation or device used to make a login request are compliant with your security requirements, and that the user presents with their second factor of authentication.
This means you can rest assured your accounts and networks are secure whilst the team is working from home or out on the road.
You might think adding an extra step to the login process would make things more complex, but you’d be wrong.
Users are often reluctant to spend time creating lengthy passwords that combine upper and lowercase letters, numbers and symbols – usually opting for an easy-to-remember word instead – and you’d be surprised how many still have passwords jotted on a piece of paper somewhere on their desk. In fact, 80% of people reuse the same password across all of their accounts.**
Whilst strict password policies are still required, MFA adds another layer of protection, so that if the password is compromised, the user still cannot access the required resources without the extra authentication factor being present.
Most MFA systems offer flexibility in which additional factor requirements are put in place.
This means you can develop an MFA policy that best suits your business and users. For example, if all users are provided with a work mobile, the additional factor could be a code sent by text message to that device.
Opting for measures specifically suited to your workplace will improve both your team’s experience and promote security.
Implementing MFA within your organisation doesn’t need to be a complex process. Widely available to organisations of all sizes, MFA is compatible with a range of applications and devices – including laptops, iPads and desktop computers.
With administrators easily able to manage user and device settings, MFA is simple to deploy and control on an ongoing basis. Requirements and users can also be added, removed and changed to support business growth as and when required.
With security breaches affecting businesses of all size and sector, MFA is simply too important to pass by.
If you’d like further information about enhancing your security or would like to discuss implementing MFA within your organisation, please get in touch today.
*2017 Verizon Data Breach Investigations Report
**2018 Verizon Data Breach Investigations Report
Find out how our Cyber Security specialists can help
Please complete the form below with details of your enquiry and we’ll be in touch shortly.