As cybercriminals have become more aggressive, protecting business IT systems has become more challenging. In most cases, however, breaches caused by cyberattacks could have been prevented by strictly enforced security measures involving strong passwords.
According to a recent Data Breach Investigations Report, 80% of employees never click on a phishing email aimed at stealing credentials. The bad news is that 20% of them still do. That is why, apart from ensuring your staff employs best password practices, your business must use multifactor authentication (MFA).
How MFA adds multiple layers of security
MFA is a security feature that involves the use of multiple methods of authentication to verify a user’s identity. The multiple layers of security prevent malicious attempts to log in or access networks and systems. MFA protocols are composed of the following elements:
- Something a user knows, like a password (the knowledge element)
- Something a user has, like a smartphone (the possession element)
- Something unique to the user, such as a fingerprint or other biometric data (the inherence element)
On the other hand, two-factor authentication (2FA) is a subset of MFA that verifies a user’s identity by requiring a username and password plus a second step. This second step is typically a verification code sent to one’s smartphone or a separate token, or generated by a verification app like Google Authenticator. While it does add an extra layer of security, it is not as secure as MFA.
Passwords aren’t the only line of defense for your systems, but they are the first line of defense. Strong passwords backed by an MFA-enabled system let you block the many and frequent attempts to hack into your systems.
Are there downsides to using MFA?
While enabling MFA seems like a no-brainer, there are certain caveats to using it. For one, authentication factors can get lost or become unavailable. Ideally, you’d always have your device handy to verify a code when, for example, logging in to your email account on a new laptop. However, devices can get lost or damaged.
Take an emergency situation like a hurricane, for instance. If you’re suddenly required to work from home using your personal laptop but don’t have access to the authenticating device that allows you to log in to your company systems, you’ll be greatly inconvenienced.
In a worst-case scenario, skillful hackers can use 2FA to their advantage and lock you out of your device or systems. Nonetheless, your business would still be a lot less safe without the additional security layer.
How MFA protects your business against cyberattacks
MFA can’t stop all cyberattacks, but it will do a much better job of blocking different kinds of attacks than a simple password (i.e., single-factor authentication). Here are a few of the attacks that MFA can help thwart.
- Phishing and spear phishing
Getting one’s credentials stolen may involve nothing more than an expertly composed email from someone posing as an IT technician asking for the password to a company’s network, and the email recipient providing it. This is called phishing. Spear phishing works similarly, but is more targeted and aims at a larger group of potential victims. With MFA in place, a hacker who successfully obtains credentials won’t be able to answer a security question required to access an account.
- Brute force attacks
These attacks are also launched to steal credentials via repetitive attempts to crack passwords. A hacker who successfully cracks a password for an MFA-protected account still won’t be able to access the system unless they can bypass the other security factors.
- Man-in-the-middle (MITM) attacks
In an MITM attack, a hacker attempts to gather critical information such as email messages, online account credentials, and financial information by intercepting an exchange between a user and an app or website. MFA protects against these attacks by requiring additional authentication beyond what was intercepted. Push notifications are especially useful and are relatively easy to use.
A single data breach event can reveal your IT system’s weaknesses and cost you thousands of dollars in the form of government fines, a complete system reboot, and reputational damage control. Summit Advisors, LLC’s cybersecurity experts can help strengthen the defenses of your small- or medium-sized business in Wichita. Call us today to get a FREE IT needs assessment.