What Does Multi-Factor Authentication Mean for Your Business?
Secure your network with multi-factor authentication. Learn what using MFA means for your business and how to protect against data breaches.
Data breaches can be scary. Ease your fears and properly secure your network with multi-factor authentication (MFA). In general, MFA ensures that digital users are who they say they are by requiring at least two pieces of evidence to prove their identity. As a managed service provider, ArcLight has been in business long enough to assure you that adding MFA solutions to your business strengthens network IT security and bolsters defenses against cyberattack.
Although MFA dramatically increases network security, it does come with a few drawbacks. These drawbacks won’t feel completely foreign. They’ve been around for many years with online banking. It’s true that MFA will ever so slightly slow down your ability to access your business systems, just like passwords did back when they were added to Windows many years ago. Still, MFA is the next iteration after the password in protecting your organization.
While MFA can seem like a pain in the neck at first, we can help educate your staff on why it’s critical and how to adopt it more easily. Soon using it will feel like second nature. In the meantime, you and your staff should be aware that not all MFA methods are the same: Some are more secure than others.
MFA Recommended Methods
- BEST: Multi-factor authentication by app. When using an authentication app, the user has the app installed on their smartphone. When logging into a computer or a mobile device, the multi-factor authentication is triggered. The user goes to the app and receives a code to manually enter into the MFA prompt on the device they are trying to access. There is a different code for every platform authenticated with the app. While this is the most secure method for MFA, not all programs and platforms have it as an option.
- BETTER: Multi-factor authentication by token device. This is just as secure as MFA by app but requires a separate, single-purpose device, which is why we ranked it a bit lower. The hardware token device is about the size of a key fob and often needs to be configured to receive authentication. When needed, the user can enter the code that appears on the device to authenticate their login on a computer or mobile device.
- OK: Multi-factor authentication by text. When logging into a platform that triggers MFA, a code is texted to the user. The code is tied to the user’s phone number. The user gets the code from the text message and the code is then manually entered into the MFA prompt on the platform. The reason MFA by text is not ranked higher is that criminals can gain control of your phone with SIM jacking. A phone that has been SIM jacked can be used to authenticate by text, giving a criminal access to your accounts and network without even having your physical phone.
- A second “OK” option is a USB YubiKey. These keys require a physical tap on a USB device to allow access after login. They are not as secure as a keychain token or an app, but they require physical access to the USB device to gain access, so they completely thwart access from a remote attacker. They do NOT stop someone who knows a login/password from logging in directly on the device, but those types of hacks are almost nonexistent.
- BAD: Multi-factor authentication by email. Email is compromised more often than mobile devices, SIM cards and computers. Multiple email accounts can be found and hacked just by logging in to a single account. It is far too high a risk to use this method because a hacker could easily intercept authentication to an alternate email.
- WORST: Multi-factor authentication by phone call or push notification. Criminals are way too good at faking voice calls. This option simply isn’t safe.
Your Password Is Not Enough
Let’s be honest, it doesn’t take someone with our level of knowledge and expertise to know that remembering and maintaining passwords for every website, computer, remote office or third-party application is difficult (some may argue it’s practically impossible). In this digital age, there are of course many applications out there that will remember your password so that you don’t have to. Regrettably, some of these types of solutions are easily compromised.
With passwords being so difficult to remember, users will often default to something simple, like their birthday or the name of their pet. Cybercriminals anticipate this and can apply a brute force attack known as password guessing. This involves trying every possible code, combination or password until the correct one is found.
Multi-factor authentication helps secure your data and controls who has access to your organization’s files and private records to ensure that they do not fall into the wrong hands. It helps to prevent such compromises and keeps cybercriminals from breaching your organization’s data.
Since nearly every website your employees access for personal and business functions requires passwords, it is very common for employees to reuse their business logins and passwords for personal websites. For instance, if your employee used their business email address and network login for their LinkedIn account, then their information is likely available on the dark web. This is because there was a LinkedIn hack in July 2021 that saw 700 million LinkedIn accounts compromised. If your employee used their corporate email YourEmployee@YourDomain.com as the login and the same password they use to log in to your systems, then it’s just a matter of time before an attacker finds your company by looking for the “@YourDomain.com” website, then scanning your network for various means of access such as VPN, terminal servers, open ports, etc.
Of course, if you add MFA, the attacker will never gain access with a compromised account as the MFA key changes every 60 seconds. How is that for security? You can rest easy knowing you are sticking it right in the attacker’s eye while he wastes countless hours attempting access only to be thwarted time and time again.
The Multi in Multi-Factor Authentication (MFA)
A password is one type of information — something you know. MFA requires more than just one type of information. You need to provide:
- Knowledge (what you know); a password or PIN.
- Possession (what you have); a badge, token device or smartphone.
- Inherence (what you are); a biometric like fingerprints or voice recognition.
Depending on the size of your organization, the number of third-party vendors with access to your network could range anywhere from hundreds to thousands for a variety of business reasons. The more people you involve in your business, the more you lose track of those involved. Implementing an MFA solution creates a layered defense against cyberattack.
There are many ways a cybercriminal can hack your information. With the right MFA solution in place, there are just as many ways to prevent your information from falling into the wrong hands. Don’t rely on passwords alone to protect your data.