Require Multifactor Authentication

Multifactor Authentication Provides Extra Security

Your company’s intellectual property, employee personal information, customer information and other data are prime targets for criminal activity. Passwords alone are not always effective at protecting your organization’s data. In fact, weak or stolen passwords are common entry points for online criminals.

Multifactor authentication (MFA) requires two or more steps to log in, such as entering a code texted to your phone or fingerprint to prove your identity. The device or app alerts the employee and asks for additional authentication to prevent others from accessing our accounts. Adopting MFA is a simple way to protect your organization and can prevent a significant number of account compromise attacks.

Three Steps to Incorporate MFA in Your Organization

MFA provides extra security on accounts by confirming our identities when logging in to our accounts with two or more verification methods, like entering a code texted to a phone or one generated by an authenticator app. MFA is a simple, easy way to greatly increase your business’s digital security. For added protection, educate your employees on the importance of MFA on their personal accounts as well.

1. Require multifactor authentication (MFA) wherever possible.

Work with your IT team to identify what software and systems you can require MFA for and create a plan to apply it throughout your company. Start with the privileged, administrative and remote access users who are most at risk. Focus on systems that are often compromised, like email, file storage and VPNs.

2. Use the strongest level of MFA you can.

A code sent to your phone or email is the easiest, simplest form of MFA. Any MFA is better than no MFA, but there are more secure options, such as these:

An authenticator app that generates a code that is valid for a short time that the user enters to access their account
“Phishing-resistant” MFA, like a smart card or FIDO security key, is the gold standard of MFA protection. Learn more about phishing-resistant MFA and how it can protect your business on our blog, Phishing Resistant MFA is Key to Peace of Mind.
Talk with your IT team to decide what investments in cybersecurity are best for you and your employees.

3. Educate your employees.

Many people still do not know what MFA is or understand why it is important. Clearly communicate to your employees the ease and benefits of enabling MFA. In taking just one extra, quick step to log in, they are helping protect themselves, the company and its customers. Encourage your staff to use it on all personal accounts that offer it as well.

What is “Phishing-Resistant MFA”?

MFA bypass attacks are happening against well-funded companies with excellent security staff. It’s a technique and hack in which spammers are able to “bypass” traditional MFA options, like the 6-digit code.

Phishing-resistant MFA is designed to prevent MFA bypass attacks by using a security key, which is a small external device that either connects to your computer or phone through a port, a biometric or via Bluetooth to enable secure login to websites and applications. Since only the key owner has physical access to their device, phishing scams don’t work. Phishing-resistant MFA can come in a few forms, like smartcards or FIDO security keys.

The FIDO Alliance was formed by a group of companies that have been able to bake FIDO protocols into the operating systems, browsers, phones and tablets that you already own. And FIDO is supported on hundreds of online services. Organizations large and small are starting pilots and even completing their rollout to all staff.

Other Ways to Protect Your Business

Online criminals are always looking for easy targets. Businesses that don’t take basic precautions are at risk. Take the following steps to make it harder for malicious actors to access your data or trick an employee into allowing access to your systems.