Multi-Factor Authentication

Multi-factor Authentication (MFA) as an Access Management measure

Last month we discussed “Email Security and Employee Cybersecurity Awareness Training.” In our continuing discussions on the Top Cyber-Defense Measures, this week we discuss Multi-factor Authentication (MFA) as an Access Management measure for improving your cyber-risk profile the BEST you can as FAST as you can.

· Email Security and Employee Cybersecurity Awareness Training

· Data Backup, Firewalls, Incident Response and Business Continuity

· Multi-factor Authentication (MFA) as an Access Management Measure

· Internal/External Vulnerability scans and Continuous Improvement

· Document “Best Practices” Policies to support your security strengths

· Maintaining Your Networks Software and Hardware Security

Many K-12 Districts and Public Entities are being required to respond to the expanded questionnaires insurance companies are insisting on to determine the rates and terms, for providing Cyber and Ransomware coverage.

In many examples we are seeing not only questions regarding Multi-factor Authentication (MFA) as an Access Management measure, insurance companies are actually requiring MFA Measures and Policies be in place to qualify for any coverage.

Multi-Factor Authentication (MFA), sometimes referred to as two-factor authentication (2FA), is a security enhancement that requires a User to present two pieces of evidence as an additional layer of security to identify they are who they are. Your sensitive information- like your primary email, financial account, health records are safer because cyber criminals would need to steal both your password and your phone as an example to get access.

There are three complimentary categories that define all implementations of MFA:

Something You Know

Something You Have

Something You Are

Something You Know authentication is the most used category and is usually a password or a PIN, which has proven to be inadequate in protecting access to information, driving the implementation of MFA.

Something You Have authentication it is a physical device in you possession that is used to authenticate you are who you are. SmartCards, Key Fobs with a changing code, and now Smart Phones are very popular for Something You Have authentication. Smart Phone Apps such as Google Authenticator provide the same level of secure key generation without the need for an additional physical device.

Something You Are authentication has become popular along with increased smartphone capabilities. Anyone who has used their face or fingerprint to unlock a phone has provide Something You Are authentication.

Traditional passwords simply aren’t secure enough any longer, Cyber expert’s state a high percentage of cyber-attacks and incidents could have been prevented by implementing a Multi-factor

Authentication (MFA) solution. Insurance Companies and Best Practices dictate you should deploy MFA whenever possible, especially when it comes to your most sensitive data.

· Next month we will discuss Internal/External Vulnerability Scans and Continuous Improvement

ResoluteGuard uses industry best internal and external scanning tools to identify your Cyber-risk strengths and weaknesses and populate easy to use, easy-to-understand smart workflow reports that align the governance, administration, and technical activities to the common objective: avoiding a disruption of critical services.