Last week we discussed “Data Backup, Firewalls, Incident Response and Business Continuity measures.” In our continuing discussions on the Top Cyber-Defense Measures, this week we discuss Multi-factor Authentication (MFA) as an Access Management measure for improving your cyber-risk profile the BEST you can as FAST as you can.
Many K-12 Districts and Public Entities are being required to respond to the expanded questionnaires insurance companies are insisting on to determine the rates and terms, for providing Cyber and Ransomware coverage.
In many examples we are seeing not only questions regarding Multi-factor Authentication (MFA) as an Access Management measure, insurance companies are actually requiring MFA Measures and Policies be in place to qualify for any coverage.
Multi-Factor Authentication (MFA), sometimes referred to as two-factor authentication (2FA), is a security enhancement that requires a User to present two pieces of evidence as an additional layer of security to identify they are who they are. Your sensitive information- like your primary email, financial account, health records are safer because cyber criminals would need to steal both your password and your phone as an example to get access.
Something You Know authentication is the most used category and is usually a password or a PIN, which has proven to be inadequate in protecting access to information, driving the implementation of MFA.
Something You Have authentication it is a physical device in you possession that is used to authenticate you are who you are. SmartCards, Key Fobs with a changing code, and now Smart Phones are very popular for Something You Have authentication. Smart Phone Apps such as Google Authenticator provide the same level of secure key generation without the need for an additional physical device.
Something You Are authentication has become popular along with increased smartphone capabilities. Anyone who has used their face or fingerprint to unlock a phone has provide Something You Are authentication.
Traditional passwords simply aren’t secure enough any longer, Cyber expert’s state a high percentage of cyber-attacks and incidents could have been prevented by implementing a Multi-factor Authentication (MFA) solution. Insurance Companies and Best Practices dictate you should deploy MFA whenever possible, especially when it comes to your most sensitive data.
Next week we will discuss Internal/External Vulnerability Scans and Continuous Improvement.