Low Hanging Fruit: How Multifactor Authentication Boosts Cybersecurity
Cyber insurance claims activity has proliferated at a break-neck speed. The frequency of incidents has risen as ransomware, business email compromise, and other perils have become more successful and sophisticated. With that success comes hefty price tags for ransoms and remediation costs that can span months. In our upcoming series, Low Hanging Fruit, we’ll explore cybersecurity solutions that your organization can implement to boost cybersecurity. This article explores the benefits of multifactor authentication.
What is Multifactor Authentication?
Multifactor Authentication (MFA) is a means of providing access with two pieces of evidence to confirm your identity. This can come in a few different forms – something you know, something you have, or something you are. Presenting a debit card and PIN at the ATM is one example. Many smartphones allow you to access applications using a fingerprint or facial recognition. Logging into your network may require you to verify that you’re logging in on an authenticator app on your phone through a push notification or password. Sometimes, a code is sent through a text message or email. This security measure goes beyond strong passwords and affords those who are logging in additional protection of their data or financial assets.
Why is MFA Important?
2020 brought changes to the working conditions of many organizations. As cities and states enacted shelter-in-place orders, employees had no choice but to work from home. Companies were in a position to pivot quickly to maintain productivity and provided employees with access to information in new ways.
One of those ways was through a Virtual Private Network, or VPN. A VPN provides an extra level of security as it routes internet connections through a private server instead of through your internet service provider. This creates a portal from your device to the internet and encrypts the information in transit. This was a great security enhancement for many companies whose employees were utilizing their own hardware devices, or who may have little understanding of security protocols at home.
Where many companies fell short was the addition of multifactor authentication. If passwords were compromised, which they often are, criminals are able to access these systems using automated cyber attempts. Simply put, business email compromise was easier than ever. And the VPN provided access remotely like never before.
How will this prevent claims?
Executives consider cyber risk one of their greatest concerns, as the idea of access to critical information could cause a crisis of massive proportion. Business email compromise can create a host of issues when there is access to email systems belonging to finance or executives. This can lead to social engineering attacks where requests are made of customers or employees to transfer funds. This can also lead to the breach of confidential information of employees, customers, or individuals. The results can be devastating to reputations, and the loss of funds can be difficult to restore. A simple addition of MFA can prevent attacks stemming from stolen passwords and is easy to implement across an organization.
If you have been through a renewal of cyber insurance recently, you have likely fielded questions about how your organization is utilizing MFA – many insurance companies require its implementation to provide terms. A proactive approach to implementing this control is considered a high priority for insurance carriers who have seen a tremendous amount of claims activity without this control. This is a low-hanging fruit, ripe for the picking by many criminals, and successful implementation of MFA may save your organization from a claim.
