IT Insight: Why multi-factor authentication?

According to recent data from Forbes, cybercrime has increased 300% since 2018 with over 15 billion breaches of stolen credentials. If thieves steal your data, your credit and bank accounts, health care records, social security, company trade secrets and more will be exposed. How can you protect your digital footprint?

Multi-factor authentication is a process where, during sign-in, a user is prompted to back up their password with an additional form of authentication: entering a code received on a smartphone or shown on a token device such as a key fob, or providing a fingerprint or iris scan, which a hacker would not have access to.

Why not repeat the same password for multiple sites? What many do not understand is that it’s not a “person” on the scamming side, it is a smart computer. Hackers have many ways of probing for your information. They may send malicious emails to your contacts, or install a keylogger to capture your keystrokes, including every user name and password. They can copy traffic on your computer, including traffic from your credit card companies and their data servers. They can also probe for weaknesses within your firewall and send emails containing links to malicious websites, viruses, and malware. A fake profile on your social networking page may entice you to give up confidential information.

By sending out data packets to mass recipients, they can even identify an unprotected port on a firewall or router and infiltrate your network. Once they are in, they can expand to every linked user and device.

If the password is weak, used repeatedly or has been exposed elsewhere, you are vulnerable to a security breach. When you require a second form of authentication, security is increased, as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate. The less enticing your data, the more likely that thieves will choose someone else to target. Remember: if it’s easy for you, it’s easy for the bad guys; if it’s hard for you, it’s hard for them.

MFA is easy to set up. For instance, once your protection is set up, you will receive a code by SMS text on your phone or on your fob. To log in, you enter this random 6-digit code, which only you receive, on your computer.

Additionally, there are apps to use, such as Google Authenticator, which is easy to install using the prompts. It’s free in the iPhone store and through Samsung.

At the company level, MFA must be turned on. If any user falls for a scam or malicious email, MFA will stop it from spreading to other users, unless you have a user not using it. Then a hacker could potentially have everyone’s email, and all are at risk! It is important for everyone to buy in to protection and best practices at the company level, whether large or small. All your Office 365 applications, Windows desktops and even your third-party apps need MFA set up.

Users are your front line when it comes to phishing defense. 100% of the phish we find are reported by users, while 0% were stopped by perimeter technology. Secure email gateways will inevitably fail. Make sure your employees are ready, active defenders, not targets, with a phishing target training program.

Your employees need to be conditioned to spot and report phishing emails immediately. Phishing simulations are based on the latest threats and empower your employees to become your front-line defense against these threats. With your staff attuned to the latest phishing scams and threats, you will have the best organizational defense in place.

Threats to your business are constantly evolving. That’s why active threat scenarios are the most relevant and up to date — they’re informed by intelligence gathered from the millions of real phishing threats analyzed by the Cofense Phishing Defense Center™, Cofense Intelligence™, and Cofense Labs™.

A Managed Service Provider can configure a full 12-month program — complete with phishing simulation scenarios, landing pages, attachments, videos, and educational content — in just a few clicks. Content can be customized based on your environment, industry, line of business applications and how you work.

The most important parts of your phishing defense are your reporting and resiliency rates. Boost reporting and help your employees become active defenders. With our automated board reports, MSPs can easily monitor program performance, reporting data, and your organization’s change in resiliency.

Reach out to your Managed Service Provider and embrace MFA. Protect your most precious assets, your data, and sleep well at night!

JoAnn Hodgdon is vice president and co-founder of Portsmouth Computer Group (PCGiT) with her husband David. PCG provides comprehensive managed IT services, business continuity, security, cloud computing and Virtual CIO services to their clients. You may reach her at joann@pcgit.com or at www.pcgit.com.