To celebrate Cyber Security Awareness Month, CyberTalk.org will be publishing a dedicated blog series throughout October. Each week, we will be sharing blogs that correspond to four key cyber security behaviors, as identified by The National Cyber Security Alliance. Today’s blog highlights why your organization should adopt multi-factor authentication, if you haven’t already done so, and provides deep-dive insights into the benefits of implementing this security measure.
While the idea of multi-factor authentication generally receives widespread support, the actual use of multi-factor authentication hovers around 50%, well below saturation level. Of small-to-medium-sized organizations that offer multi-factor authentication (MFA), only 28% require its use. Given multi-factor authentication’s security effectiveness, the question is why businesses aren’t using it.
For a long time, businesses either didn’t understand MFA or didn’t see its value. Employees, for their part, balked at the idea of being bludgeoned by new text messages and at the slowdown in productivity.
But the value proposition is simple and vastly outweighs reasons to resist multi-factor authentication. Multi-factor authentication prevents hackers from logging into accounts as your employees and manipulating or extracting data, holding data hostage, or otherwise making a mess of your business.
Read on for a deeper dive into why multi-factor authentication is worth your while.
7 reasons to use multi-factor authentication
1. Mitigates risk due to weak employee passwords. Although most employees have good intentions and aim to follow your password complexity guidelines, the reality is that a significant swath of employees still secretly use weak passwords because they’re easy to remember.
A recent study from NordPass found that “123456” and “qwerty” are still among the most commonly used passwords, despite how easy they are to guess. Last week, news broke indicating that Fast Company may have used the deliciously simple password “Pizza123”, a piece of cake for the hacker involved.
2. Mitigates unmanaged device threats. The hybrid nature of work means that employees may use unmanaged devices, from routers to printers to mobile phones. A compromised password on an unmanaged device can give a hacker unfettered access to your organization. Implementation of multi-factor authentication can assuage unmanaged device security concerns.
3. Supports all other security measures. If a hacker gains access to a username and a password, in the absence of multi-factor authentication, all of your other security mechanisms are instantly useless.
Think about it like this: Your anti-virus and advanced firewalls protect the virtual front door of your systems. Without multi-factor authentication, you’ve accidentally left the backdoor wide open. Why place deadbolts across the front doors if there’s another open point of entry?
4. Compatibility with Single Sign-On (SSO). To make security simple for employees, consider implementing multi-factor authentication alongside other log-in methods, like Single Sign-On. The combination of SSO and MFA nixes the need for multiple passwords, increases resource availability for IT teams, and improves the user experience.
5. Scalable for changing user bases. Multi-factor authentication doesn’t have to be reserved for your employees alone. You can also implement multi-factor authentication for partners who access company-owned web portals, and for clients.
6. Adaptable. Does your organization regularly conduct high-value transactions, or do employees frequently need to access resources from unknown networks and devices? Ensuring security under a range of divergent circumstances is tough.
However, adaptive MFA integrates contextual and behavioral data, such as geolocation, IP address and time since last authentication, in order to assess a user’s identity. Adaptive MFA provides extensive security value and greater peace of mind for your IT teams.
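The adaptive decision described above can be sketched as a small scoring policy. This is an added example, not code from CyberTalk.org or any MFA product; the weights, thresholds, trusted network range, the "deny" outcome and all names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Policy values are assumptions for illustration, not vendor defaults.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
MAX_MFA_AGE = timedelta(hours=12)
STEP_UP_AT, DENY_AT = 30, 100

@dataclass
class LoginContext:
    source_ip: str
    country: str                      # resolved upstream by a GeoIP lookup
    usual_countries: frozenset
    last_mfa_at: Optional[datetime]   # None if the user never completed MFA
    now: datetime
    high_value: bool = False          # e.g. a high-value transaction

def risk_score(ctx):
    """Return (score, reasons) from the three contextual signals."""
    score, reasons = 0, []
    ip = ipaddress.ip_address(ctx.source_ip)
    if not any(ip in net for net in TRUSTED_NETWORKS):
        score += 30
        reasons.append("unknown network")
    if ctx.country not in ctx.usual_countries:
        score += 40
        reasons.append("unusual geolocation")
    if ctx.last_mfa_at is None or ctx.now - ctx.last_mfa_at > MAX_MFA_AGE:
        score += 30
        reasons.append("no recent MFA")
    return score, reasons

def decide(ctx):
    """Map the score to 'allow', 'step_up' (prompt for MFA) or 'deny'."""
    score, reasons = risk_score(ctx)
    if score >= DENY_AT:
        return "deny", reasons
    if score >= STEP_UP_AT or ctx.high_value:
        return "step_up", reasons
    return "allow", reasons

# Constructed sample logins (not real data).
NOW = datetime(2022, 10, 3, 9, 0, tzinfo=timezone.utc)
office = LoginContext("203.0.113.10", "US", frozenset({"US"}), NOW - timedelta(hours=1), NOW)
cafe = LoginContext("198.51.100.7", "US", frozenset({"US"}), NOW - timedelta(hours=1), NOW)
abroad = LoginContext("198.51.100.7", "BR", frozenset({"US"}), None, NOW)
for name, ctx in (("office", office), ("cafe", cafe), ("abroad", abroad)):
    print(name, *decide(ctx))
```

Logging the returned reasons alongside each decision gives the IT team an audit trail for why a user was prompted or blocked.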
7. Compliance. In many places, laws mandate that organizations maintain strong authentication practices, particularly if they store financial data, or other personal information. Multi-factor authentication helps ensure that your organization stays in compliance with identity and access management regulations like SOX and HIPAA. It also gives you more leverage in the event of a breach and a subsequent lawsuit.
Real-world proof point
In May of 2021, the corporate operations of Colonial Pipeline came to a standstill due to a cyber breach. The company usually transports over 100 million gallons of fuel across the Eastern Seaboard each day, and the stoppage prompted US President Joe Biden to declare a state of emergency. Hackers accessed Colonial Pipeline’s systems via an exposed password for a VPN account. Multi-factor authentication could have prevented this disaster.
If multi-factor authentication increases security and can prevent extinction-level attacks that land your organization in the limelight, MFA should be a no-brainer. The real question is, ‘why aren’t you using it already?’