What is MFA?
By now, everyone has at least heard the term MFA, which stands for Multi-Factor Authentication. You may even be using some services that require you to have MFA security measures in place. MFA is a method of authenticating a user by making them use more than one mode of verification. There are three components to MFA:
- What you know – a username and/or password
- What you have – a mobile device, keycard, or USB
- What you are – a fingerprint or other biometric verification
How Does MFA Work?
MFA uses something you have to authenticate that you’re the correct party attempting to access information. There are different types of MFA, but you may have seen or are currently using OTP and biometric factors.
One-Time Passwords (OTP) are one of the most common types of MFA factors. OTPs are 4–8-digit codes that can be received via email, text message, or an authenticator app. These codes are generated at the time of request and generally have a short period of time when they are valid.
Biometric verification is also a common type of MFA factor. It uses what you have and what you are, making the method more secure. Biometric verification uses fingerprint and facial recognition software on a device containing a seed value, meaning it is tied to a specific device.
Why is MFA Important?
Let’s face it, most of the people you know aren’t using strong passwords. Many of the people you know are using the same password for multiple sites. As cyber criminals target large companies for data, they’re looking for usernames and passwords. If they get this information from one place, it’s a simple step to apply it everywhere. They build code that goes out and tries those credentials all over the internet until they get a hit. If they get into your email, chances are they can reset passwords, pretend to be you, and use your contact list for their benefit. Email targets are increasingly frequent but not the only way bad actors are trying to gain access to your valuable business information.
What Should Have MFA?
Your business system is comprised of many pieces. The ones potentially making your system vulnerable are hardware, users, and software. As your strategic technology partner, you should verify the following items in your ecosystem have MFA enabled.
Firewalls
Your firewall is the first line of defense between your business’ ecosystem and the outside world. Whether your servers are physically or cloud hosted, ensuring the gatekeeper of your data is locked behind an extra wall of authentication is a high priority. Each user of the device can have their own account and authentication method.
User Accounts
Your users can be targeted from many different angles. MFA programs exist for companies looking to tighten their security. Companies can now require biometric logins for users in or out of office. Requiring biometric user logins greatly reduces the ability for a bad actor to gain access to a machine or its data.
There are still a lot of misconceptions about applying MFA to email. There are beliefs the process will be longer, cumbersome, or annoying. Most email clients do not require daily authentications when using the same device. As a technology provider, this is the most common breach seen to gather data. Bad actors are looking to gain access through phishing, spear phishing, ransomware, and more. Companies are wiring large amounts of funds, having the entire file server locked from ransomware, and losing valuable confidential data to the wrong hands by simply not having MFA enabled for email accounts.
Is There a Way to Get MFA for Our Major Business Applications?
Surprisingly, not all ways your workforce is accessing your data requires MFA. Most cybersecurity insurance is now requiring MFA be enabled for accessing email, but what about your other applications? With the rise of different technologies, there are companies who have mastered the art of securing your in-house or complex data systems.
If the software your company is currently using can send a single sign-on (SSO) request to an identity provider but does not have MFA as a native capability, there are options to secure the logins via a third-party application.
If your major business applications must be accessed by logging into a remote server, MFA can be enabled through a third-party application. VPN access can also be MFA enabled in some instances.
How Do I Find Out What Currently Has MFA and What Still Deeds MFA?
ERGOS has options for companies looking to secure their workforce. ERGOS can become your primary technology provider or work with existing IT departments to isolate and document the areas of your business that are still vulnerable. Contact us today by phone or by filling out our contact form. Don’t let a lack of MFA enablement compromise your data.