Here’s a cybersecurity trick or treat for you. It’s Halloween. You hear the doorbell ring. Would you answer your door without looking to see who’s on the other side? Would you leave your door unlocked, knowing the night will be filled with strangers looking for candy – or worse? Without multi-factor authentication (MFA), you’re essentially doing just that with your data and your networks. MFA is like locking your door and checking to make sure whoever enters is allowed to come inside.
What is MFA?
Have you ever had to get your cell phone or check your email to type in a unique code before you can log in to your account? That’s MFA. When your customers set up an account, they provide the system with a mobile phone or email address they’ll use to receive a system-generated one-time code to access their account. It’s an additional step beyond using a password to prevent bad actors from getting access to information and finding a way to hack into your company’s networks. Every company that allows logins should use MFA at a minimum to prevent ransomware and cybercrime. Everyone who has the option to use MFA to log in to their online accounts should do so. Without it, attackers can easily get direct access to servers, systems, and sensitive information.
Too often, companies rely solely on single authentication tactics like Touch ID or a password. However, smart devices can recognize more than one thumbprint, and even fake fingerprints can successfully bypass sensors at least once nearly 80% of the time. While not an entirely bulletproof solution, MFA effectively creates additional hurdles for would-be attackers. Confirm that you and your customers practice MFA, even if it simply involves the extra authentication step of sending a one-time SMS to a trusted user’s device to ensure they’re valid. In 2019, only 57% of the employees at businesses worldwide used MFA. While this number was up from 12 percent of all global employees in 2018, it’s still lower than it should be.
AirGuard™, our flagship managed security service offering, includes MFA as part of the solution.
Train Your Team to Avoid These Tricks
It’s becoming more common for attackers to trick people into sharing passwords. They’ll send social media or email links that look legitimate. When the would-be victim lands on the page, they type in their password, and now the hacker has what they need to get into the system with the victim’s credentials and wreak havoc. MFA is the only way to prevent this; the critical control stops a hacker from logging in with just a password or Touch ID.
Some cybercriminals are even masquerading as IT or fraud security. They contact unsuspecting victims requesting them to share an MFA code generated for them or ask them to click a link to a lookalike site, allowing them to scrape the actual code the victim generates. Train your team, vendors, and clients to contact any company directly by typing in the URL or calling the company’s phone number to verify this request rather than simply complying with a stranger asking for a code or clicking any link they didn’t ask to receive.
MFA is Effective
By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9% of account compromise attacks.
MFA Authenticates Users
Make sure you know who’s coming inside your network. Keep out the ghouls who would harm your company through cybercrime by implementing MFA. Train your team not to click on unsolicited links without verifying they are legitimate. And contact Airiam if you’d like to bolster your cybersecurity to include MFA and other safeguards. We’ll work with you to determine the best way to stay safe from cybercrime at Halloween and all year.
Using MFA makes an organization more cyber resilient.