Hackers Want Your Company’s Money. Without MFA, You’re Giving It To Them.
You know not to click on the anonymous email link that says “Get Your Prize Money Now!” It’s a scam, you realize, so you confidently steer clear of it.
What if that email link comes from someone in your organization and, instead of prize money, it asks you to download a report for a project you’re working on?
You should probably do that, right? What reason would you have to suspect that link is actually malware that gives a hacker access to all of your organization’s sensitive data? (Yes, that includes financial information.)
This scenario is just one of many tactics hackers use for email phishing scams. They’ve been around for a while, and they’re on the rise. How can you safeguard against sophisticated thieves who can pretend to be anyone you know, create fake websites, and trick you into giving away the farm?
Enter multi-factor authentication (MFA), also called two-factor authentication (TFA or 2FA). MFA is the best and easiest way organizations can create extra layers of security and protect their sensitive data from hackers.
MFA is no longer only for the most tech-savvy. As security breaches continue to plague organizations both large and small, adopting MFA should be your priority.
What is multi-factor authentication?
So what does multi-factor authentication do? MFA is a security measure for a login or transaction that requires multiple methods of authentication to verify a user’s identity.
In other words, it helps a network know that the people using it are actually who they say they are.
MFA adds an extra verification step, making your “security wall” much more difficult to breach.
Let’s stop right here. At this point, you’re hearing “extra step” and you’re ready to give up. You don’t like extra steps. In that case, you should remove the lock on your door. Maybe also leave the windows down in your car. If you’re not using the protection that comes with MFA, that’s essentially how vulnerable your organization’s information is.
Examples of multi-factor authentication.
Actually, you’ve already had MFA for years with your bank. When you use an ATM, for example, you have to pass two security steps. First, you swipe or insert your bank card; second, you punch in your PIN.
As anyone who has ever had a debit card stolen knows, that extra security of a PIN is helpful. Though a thief may steal the physical object, they most likely don’t know your PIN. The chances of someone withdrawing money from your account are much lower.
Both steps in the bank transaction are common types of MFA. Your PIN is called a knowledge factor. It refers to information you know that lets you access a network. Mobile authentication, as in SMS messages or phone calls, is also common practice.
Your card is called a possession factor because it's a security token you carry. Other common hardware and software tokens include key fobs and smartphone apps.
Recently, Google announced the Titan Security Key. It’s a new 2FA security key device that authenticates logins via Bluetooth and USB. While the hardware token is only used internally now, they’ll soon be releasing it to the public.
Why you need multi-factor authentication for your business.
Now that you know how common and easy it is to use, here’s why you need multi-factor authentication:
The numbers are startling. An executive summary recently published by the password management company LastPass reported a huge discrepancy between the facts of security breaches and the number of people who took action to prevent them.
The study noted that “19 people fall victim to identity theft every minute,” and “the average cost of a data breach based on a survey of 350 companies globally was $3.79MM in 2015.”
As a recent article in TechBeacon notes, without MFA, many other security measures your company takes may be useless: “Admins have installed antivirus software, raised the firewall, deployed encryption technology, and periodically run vulnerability tests. But the sobering reality is that if multi-factor authentication (MFA) is not in place, these other security measures can be bypassed.”
So why does your organization need multi-factor authentication immediately? Three simple reasons:
- MFA prevents email phishing and other attacks.
Assume hackers want your organization's information and money. Adding an extra security layer is a simple and very effective way to prevent phishing. If you fall victim to a hacker and they get your password, they still need to pass through another step to access your information. With MFA, they're much less likely to succeed.
- It keeps your data (and your money) safe.
By now, this one should be obvious. We read about security breaches for giant corporations, but small businesses get hit just as hard, if not harder. USA Today notes that 61% of cyber attacks affected small businesses in 2017 (up from 55% the previous year). Further, 60% of small businesses go out of business within six months of an attack. Given the trends, we should only expect these numbers to rise. As hackers get more sophisticated, the need to secure your company data, especially your financial information, is undeniable.
- Adopting MFA is something you can do right now.
Most of the accounts your company uses (like Microsoft, Google, and Apple) offer an option for MFA. In those cases, it’s as simple as going into your security settings and turning it on.
Another option is to use a password manager like LastPass to help you manage and protect company passwords.
For a physical TFA solution, the YubiKey is designed for both personal and business use.
You can also integrate multi-factor authentication at your system’s firewall. Taking this step allows you to strengthen your security in the one place it matters most. Because a firewall is designed to prevent unauthorized access to your system, making sure it has the protection of MFA is important.
Professional and experienced IT companies can secure your system.
The question you should be asking is this: what's the easiest security step my company can take that will keep me the safest and most productive?
Enabling multi-factor authentication might seem complicated because there are several different ways to do it. Ultimately, you have to decide which approach is right for your business.
Before you implement any security measures yourself, you should contact IT support experts. They can answer all of your questions and update you on recent security changes. Most importantly, they can implement MFA for you.