Why you should be using MFA

November 20th, 2020
MFA & Why you should use it

Much has been publicised in 2020 about increasing cyber attacks on Australian businesses. Data shows that the number of attacks has in fact increased by 30%. Amid this conversation, businesses have been urged to adopt Multi-Factor Authentication (MFA). Whilst most people have been exposed to MFA in some form, many remain unclear as to its true purpose and meaning.

Multi-factor Authentication (MFA) is an authentication method in which a user is granted access to a system only after successfully presenting two or more pieces of evidence to an authentication mechanism.

Why does your business need to use MFA?

Hackers generally target the weakest points in your system. Commonly these are the passwords we use to access the devices where our most important company and personal information is stored. No matter how great you believe your password is, bad actors have many methods of obtaining your credentials to find a way in. Some of the methods they use are:

  • Phishing & Spear Phishing
  • Keyloggers
  • Credential stuffing
  • Brute force & reverse brute force
  • Man-in-the-middle (MITM)

In 2017 it was reported that 81% of hacking-related breaches involved weak or stolen credentials. Since then, businesses have adopted more and more cloud services, creating even more sources from which criminals can obtain your identity. With more staff than ever working from home on vulnerable networks, the risk of breach has never been higher. Having a second factor of authentication, such as an MFA application on a physical device like your smartphone, can stop these breaches and protect you and your organisation even if your credentials are compromised.

MFA prevents anyone other than the approved user from accessing systems like your email, financial systems, corporate data and more, while also alerting your IT administrators to potential attempts to breach your systems.

How does MFA work?

MFA has 3 core standards referred to as the Gold Standard. The recommendation is to implement 2 or more of these standards in order to be compliant. These are:

Something you know: This is your username and password.

Something you are: These are biometrics, such as the fingerprint scanner and/or face scanner we use to access our mobile phones today. You can even use your location via GPS tracking, although some consider this the 4th method of MFA.

Something you have: This could be your mobile phone, where you use an authentication application; a card, like a bank card or access card; or a physical key, like a USB stick or fob.

The Reality

Cybercrime will cost the business community around $6 trillion USD annually by 2021 according to predictions. Shockingly, this number has already doubled in the last 5 years.

Forbes reported back in 2018 that 58% of cyber attack victims were small businesses with fewer than 250 employees.

The organisation is not the only victim: what these bad actors are targeting is information about your identity and that of your employees. Gaining your identity means gaining access to, and control of, your organisation.

Introducing MFA to your organisation is simple and easy to do. If done correctly, it's as simple as opening an app on your smartphone. This small change, however, will make all the difference in the world to your protection against cyber attacks.

If you're not currently using MFA or have security concerns around your data, please reach out to your Premier vCIO. Not a client of ours? Please get in touch and we'd be happy to share our knowledge & insights!