With 61% of data breaches involving lost or stolen credentials such as passwords, the evidence is overwhelming that simple password authentication is inadequate for any business serious about security. Any Internet-connected company that takes this approach may already have been compromised by adversaries seeking to steal information or resources of value.
Multifactor authentication (MFA) provides companies with an effective, affordable security mechanism to overcome the weaknesses of knowledge-based authentication such as passwords. It adds a critical layer of protection to network, application and data assets in an increasingly dangerous and sophisticated threat environment. When organizations combine passwords with secure physical devices and/or biometric credentials, they insulate themselves with a strong layer of security that helps protect against password theft.
The ABCs of MFA
With MFA, authentication is generally accomplished by validating one of three factor types:
- Something users know (such as a password),
- Something they have (such as an ID card), and
- Something they are (such as their fingerprint; e.g. biometrics).
To achieve MFA, the firm must require personnel to use two or more of these factors. Some choose to take MFA a step further by sending tokens to a device associated with the individual requesting access, such as their password-protected mobile device, or by having tokens expire if they are not used for access within a specified time.
Recent advances in MFA, such as authentication via a pop-up window on a user’s smartphone, make MFA even easier to use and manage. It also increases personnel satisfaction, which makes it much less likely workers will try to circumvent security protocols.
The Threats Are Real and Are at Your Door
We have spoken with business leaders who discount the dangers to their firms. They think their data isn’t “important” enough to steal, or that they are too small to offer much value. Nothing could be further from the truth. Although large companies may offer more in terms of their “data trove,” they are also much more likely to have implemented stringent security measures.
Consequently, most cybercriminals are equal opportunity offenders. They’ll attack everyone and gladly walk through the doors of those business leaders and IT managers who leave them open. Furthermore, despite decades of effort by organizations to insulate themselves against security risks, there’s no shortage of tactics being launched to penetrate their defenses.
From malware and hacking to phishing, these tactics frequently lead to account compromise and credential theft. Increasing this danger are outside security concerns, such as expanding the user base to include non-employees, such as third-party contractors.
The experts at JETT possess decades of experience helping organizations of all sizes ensure they are using appropriate security controls, including MFA, and that their security posture complies with all applicable mandates. For a complimentary discussion of your current security approach and how you might want to strengthen it, request a consultation at https://jettbt.com/contact-us/.
Pro Tips from the JETT Experts
- Enable user-friendly factor types with strong security
Giving users access to mobile app authenticators, push notifications, biometrics and other highly secure options simplifies the end-user experience and increases the value of MFA.
- Plan and provide for a variety of access needs
Using a mechanism such as Windows Hello as the second factor in MFA addresses scenarios where users may not have Internet access, such as on a plane or in the interiors of concrete structures. It also makes it nearly impossible for someone to steal MFA credentials.
- Review compliance requirements carefully
Most IT compliance standards such as PCI DSS, SOX and HIPAA mandate strong security controls, and they are not the same for each standard. If your firm must adhere to one of these standards, having a detailed understanding of the requirements will enable you to tailor configuration and policies to align with them.