Multi-Factor Authentication: The Security “Option” that Isn’t Optional

With 61% of data breaches involving lost or stolen credentials such as passwords, the evidence is overwhelming that simple password authentication is inadequate for any business serious about security. Any Internet-connected company that takes this approach may already have been compromised by adversaries seeking to steal information or resources of value.

Multifactor authentication (MFA) provides companies with an effective, affordable security mechanism to overcome the weaknesses of knowledge-based authentication such as passwords. It adds a critical layer of protection to network, application and data assets in an increasingly dangerous and sophisticated threat environment. When organizations combine passwords with secure physical devices and/or biometric credentials, they insulate themselves with a strong layer of security that helps protect against password theft.

The ABCs of MFA

With MFA, authentication is generally accomplished by validating one of three factor types:

  • Something users know (such as a password),
  • Something they have (such as an ID card), and
  • Something they are (biometrics, such as their fingerprint).

To achieve MFA, the firm must require personnel to use two or more of these factors. Some choose to take MFA a step further by sending tokens to a device associated with the individual requesting access, such as their password-protected mobile device, or by having tokens expire if they are not used for access within a specified time.

Recent advances in MFA, such as authentication via a pop-up window on a user’s smartphone, make MFA even easier to use and manage. They also increase personnel satisfaction, which makes it much less likely workers will try to circumvent security protocols.

The Threats Are Real and Are at Your Door

We have spoken with business leaders who discount the dangers to their firms. They think their data isn’t “important” enough to steal, or that they are too small to offer much value. Nothing could be further from the truth. Although large companies may offer more in terms of their “data trove,” they are also much more likely to have implemented stringent security measures.

Consequently, most cybercriminals are equal opportunity offenders. They’ll attack everyone and gladly walk through the doors of those business leaders and IT managers who leave them open. Furthermore, despite decades of effort by organizations to insulate themselves against security risks, there’s no shortage of tactics being launched to penetrate their defenses.

From malware and hacking to phishing, these tactics frequently lead to account compromise and credential theft. Adding to this danger are outside security concerns, such as a user base expanded to include non-employees like third-party contractors.

The experts at JETT possess decades of experience helping organizations of all sizes ensure they are using appropriate security controls, including MFA, and that their security posture complies with all applicable mandates. For a complimentary discussion of your current security approach and how you might want to strengthen it, request a consultation at https://jettbt.com/contact-us/.

Pro Tips from the JETT Experts

  1. Enable user-friendly factor types with strong security
    Giving users access to mobile app authenticators, push notifications, biometrics and other highly secure options simplifies the end-user experience and increases the value of MFA.
  2. Plan and provide for a variety of access needs
    Using a mechanism such as Windows Hello as the second factor in MFA addresses scenarios where users may not have Internet access, such as on a plane or in the interiors of concrete structures. It also makes it nearly impossible for someone to steal MFA credentials.
  3. Review compliance requirements carefully
    Most IT compliance standards, such as PCI DSS, SOX and HIPAA, mandate strong security controls, and the requirements differ from one standard to the next. If your firm must adhere to one of these standards, having a detailed understanding of the requirements will enable you to tailor configuration and policies to align with them.
