The Power of Multi-Factor Authentication
“99.9% of Hacked Accounts DID NOT Have MFA Enabled” ~Microsoft
What is MFA and how will it protect my business?
If you’ve ever withdrawn cash from an ATM, you’ve already used Multi-Factor Authentication (MFA for short). You need an ATM card (factor #1) and your PIN (factor #2). Imagine if you lost your ATM card, and it didn’t require a PIN to use. You’d likely wake up to an empty checking account!
The same principle applies to cybersecurity. Your password is factor #1, and a push notification to your mobile phone or an email is factor #2.
Chances are hackers ALREADY have access to your login credentials via The Dark Web. In fact, cyber criminals often purchase giant batches of login credentials and break into accounts one by one! This technique is ineffective against accounts protected by MFA.
What should my business protect with MFA?
Every single account should be protected by MFA, but here are the 3 most essential accounts your business should protect:
Business Email – Once a bad guy hacks your business email account, they can pose as you to the outside world, launching bulk phishing and funds transfer fraud attacks on your own colleagues and all of your external business contacts.
Enterprise Data – Hackers target your enterprise data in order to lock it up via ransomware. The deadliest types of ransomware are specifically built for the cloud. Once your data is locked up, your business could face serious business interruption costs and regulatory fines/penalties.
CRM – Your business's hard-earned client data is a GOLD MINE for hackers to steal and resell on The Dark Web. Few of your clients would be happy to learn that their sensitive data is now being used to hack their own organization.
How much does MFA cost?
THE VAST MAJORITY OF THE TIME MFA IS 100% FREE. Many platforms offer complimentary built-in MFA (Gmail, Outlook, Dropbox). For other 3rd-party platforms without native MFA, you can use apps like Authy that allow you to set up MFA completely free of charge.
How to implement MFA company-wide… Evolve’s playbook.
A request should go from the top of the organization directly to IT. Tell them the goal is to have MFA enabled on 100% of accounts for every single employee. Give your IT department a deadline to gather and present their implementation plan.
Once the implementation plan has been approved by all parties, a company-wide email should be sent to every employee with explicit step-by-step instructions on getting set up via your IT department.
Hold your IT department accountable for setting up MFA across all critical system platforms within a 2-week period. Check in after 2 weeks to ensure a successful implementation across your organization.
Set up new onboarding procedures with your IT department that include MFA for all new employees.
Updated 11/16/2020: Microsoft urges users to stop using phone-based multi-factor authentication
Can MFA lower my business’ cyber insurance premium?
Yes! Evolve takes all information into account while underwriting on our basic one-page cyber application, and we do offer better pricing for companies that take their cybersecurity seriously! Having MFA enabled organization-wide is a huge indicator of strong IT practices.
“They are creative, smart and really make an effort to understand cyber risks so they can tailor the policy and pricing appropriately to our client's advantage.” Bill Lewis, Bolton & Company