What is Multifactor Authentication?
Did you know that elephants are one of the most protective animals on the planet towards their young? They typically have only one calf at a time, and carry it for almost two years. Once the calf is born, the mother receives help in protecting it from all the mothers within the herd.
Octopuses, Orangutans and Kangaroos all have highly developed, differing but effective, ways of protecting their young. So, what can humans learn from that? It would appear quite a lot when it comes to our computers and IT stuff. We don’t appear to be very protective of the information we hold within them.
Experts estimate that there are some two million cyber attacks every day. Microsoft’s Defender anti-malware programme intercepted 35.7 billion phishing emails in 2021. The company’s Azure Active Directory detected and blocked more than 25.6 billion brute force attempts in the same year. According to its 2022 “Cyber signals report”, only 22% of businesses secure their data using MFA. Microsoft further reports that users who do not use MFA are ten times more likely to be cyber attacked.
Why should businesses use MFA?
One of the simplest tools in a hacker’s tool kit for getting onto your network is the common-or-garden password. With password spraying techniques, cybercriminals make brute-force login attempts, trying usernames with common passwords to log on to your network.
123456 has been the most common password for 6 years in a row, with password and qwerty following in quick succession.
There are lots of hackers out there, all doing bad stuff. Cyber criminals are not young funky whizz kids, sitting in a dark room, guessing what your password is and, in a stroke of genius, ‘guessing right’. They employ computer programmes to do the work for them, cycling through multiple username and password combinations. Eventually, their efforts reward them with the information.
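A defender can spot this kind of automated guessing in sign-in logs. The Python below is an added example, not part of the original article; the log format, the thresholds and the sample lines are assumptions constructed for illustration. It separates password spraying (failures spread across many usernames) from brute force against a single account.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-timestamp source user outcome' (a constructed log format)."""
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user, outcome

def classify_sources(lines, window=timedelta(minutes=10), min_users=5, min_tries=5):
    """Label each source whose failed logins inside one window look automated.

    'spray'       = failures spread over many distinct usernames
    'brute-force' = many failures against a single username
    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    failures = defaultdict(list)
    for ts, src, user, outcome in map(parse, lines):
        if outcome == "FAIL":
            failures[src].append((ts, user))

    verdicts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the start forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            if len(per_user) >= min_users:
                verdicts[src] = "spray"
                break
            if max(per_user.values()) >= min_tries:
                verdicts[src] = "brute-force"
                break
    return verdicts

# Constructed sample log lines (documentation IP ranges, made-up usernames).
SAMPLE = (
    [f"2024-01-01T09:00:{i:02d} 203.0.113.7 {u} FAIL"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [f"2024-01-01T09:05:{i:02d} 198.51.100.9 alice FAIL" for i in range(6)]
    + ["2024-01-01T09:10:00 192.0.2.4 bob FAIL",
       "2024-01-01T09:10:20 192.0.2.4 bob OK"]
)

if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE).items():
        print(src, verdict)
```

A single mistyped password followed by a successful login, as in the last two sample lines, is not flagged.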
There are three key strategies that cyber criminals use to exploit human and security vulnerabilities to enter your business system:
- Phishing – sending fraudulent emails. Allegedly sent from a bona fide company or staff member, they are designed to get you to reveal your personal or business information, like credit cards or passwords.
- Exploiting vulnerable internet systems: possibly insecure Wi-Fi points or poorly configured firewalls, for example
- Through remote desktop protocols, using brute force guessing
Once they have your ill-gotten personal information, hackers will put the stolen data to use. They will apply for credit or debit cards, transfer funds, file fraudulent tax returns, use your health insurance, rent a house in your name, commit crimes using your identity, or seek a ransom for the information stolen, to mention only a few.
“Identity is the new battleground, but most are unprotected against attacks”
Lock it, or lose it
So why is there such a low adoption of stronger IT authentication? Maybe it’s human nature. According to Aviva Car Insurance, only 77% of people lock their cars. It’s the same with mobile phones: only 1 in 5 users employ a screen lock on their smartphones. And when it comes to homes, it’s suggested that six out of ten people have left their homes unlocked as they go out. When it comes to IT, having information stolen is horrible: cyber criminals can wreak havoc on your business finances, its reputation and on you.
Best practice for securing your IT data
When you sign into an account, typically you need to authenticate who you are. You will be asked for your username, or logon sign-in credentials. With MFA, you will then be asked for a second verification of your identity.
It’s essentially an additional password, a second security layer to prove who you are, and if you pass that verification, you can continue on into your network. This won’t happen just the once: whenever you need to enter your device or network, you’ll be asked to perform the same actions to enter, typically within a space of time.
The good news – along with MFA, there are lots of simple security solutions that can be used in combination to reduce the risk of you and your business becoming a statistic.
- Consider using passwordless MFA
- If you must use a password, make sure it’s strong, and consider updating at timely intervals using a password manager
- On a regular basis, run an audit on account privileges; who has access to what and why? Maybe someone has left the business and unwittingly still has access to your company’s information
- Look at device hardening, which aims to reduce security risks and shrink your IT systems’ attack surface right across the company. Anything that makes it extremely difficult for a threat actor to benefit from your hard-earned profile, put it in place
- Take care when working remotely – make sure all IT equipment is as secure as it can be
- Back up your data, and do it regularly
- Dispose of old IT equipment securely: use deletion software, or a specialist, to wipe all personal and business data from it
- Make sure your Wi-Fi is secure. Consider putting protocols in place when using public Wi-Fi systems
- Lock your screen if you step away from using your computer
- Watch out for suspicious emails – have them checked for viruses or other malicious software – never give out confidential information
Protect your business from online threats and always make password hygiene a priority. Remember, hackers are not the kind of criminals that give up. But, they might think twice if they see a herd of elephants.
At CNC we have a number of Security Services that help our customers protect their business from Cyber criminals. Please do not hesitate to contact us on 01273 384100 for further details or email email@example.com.