Billions of account credentials are stolen online each year despite our growing use of passwords.
The easy, low-risk, potentially high-reward nature of identity theft has led it to grow fast. Which is why organised gangs have moved from more traditional crimes to cybercrimes, often enjoying rich pickings from individuals’ accounts, without them realising.
Countering the threat
It’s not that the IT world has ignored the threat. But, while antivirus software, firewalls, encryption technologies and vulnerability tests are all viable counter tools, these security measures are not fool proof.
Multi-factor authentication (MFA) is not new but by checking that the user is genuine it makes all the difference. Plus, it’s an extra layer of security that is low complexity and relatively easy and inexpensive to install. But according to IT experts MFA penetration levels in organisations are low.
So, what is MFA?
Most of us already use MFA even if we’re not familiar with the term. For instance, online banking, such as a password and a code generated by a secure key or, in the case of an Apple customer, their Apple ID followed by their 6-digit authentication code that only they know. It’s simply a means to confirm a user’s identity in several ways; through something we know, such as a password, plus a device and/or plus, biometrics of fingerprints.
IT best practice
In our view MFA should be standard best practice for IT managers. Once they have categorised their systems to identify the ones with access to business-critical data adding MFA as an additional layer makes infinite sense.
What’s more, for anyone using Microsoft’s Office 365, setting up MFA for licensed Office users is easy to achieve. As it’s device and not password-led a single sign on in Office 365 sees users only having to manage a single sign on, rather than remembering passwords all the time. The good news too, is that it comes at no additional cost and can be managed from your organisation’s portal.
Protecting customers and employees alike
MFA is a great way to protect employees and customers, especially as weak or easily accessed credentials continue to be the preferred weapon of choice.
It also solves the insecure, easily forgotten, used-many-times password issue. By joining things together, it creates one authentication service which is secure, easy to use and customer-friendly. This is particularly timely as employee workforces become increasingly mobile.
The ongoing threat to data
Sadly, despite the efforts of the industry to counter cybercrime there’s no chance that this is going to go away anytime soon. Three out of five businesses reported a cyberattack last year. While we know of the big name brands that have suffered, very often smaller companies fall prey too. According to Symantec 31 percent are aimed at businesses with fewer than 250 employees.
Data security issues are bigger than we know
According to a Verizon security report it predicts data breaches are a ‘time bomb’ referencing its surprise that so few breaches have hit the public domain. It predicts that more are inevitably due to come to light as a result of the time it takes to discover and report them.
The report also stresses that cyber thieves rarely execute attacks requiring more than four defences, lending more weight to the importance of MFA.
The risk of doing nothing
While anti-virus systems and advanced firewalls and vulnerability tests are fundamental security elements, without user authentication, intruders can still get in.
So too, password theft will continue to be a threat as Password theft as hackers’ employ methods like keylogging, phishing, and pharming.
It’s worth remembering that cybercriminals do more than steal data. They also destroy data, change programmes or services, or use servers to transmit propaganda, malicious code or spam.
Users are already using MFA
A large majority of people are now used to authenticating themselves in their everyday dealings with service providers, from banking, utilities companies, social media, email and more. This means they are likely to easily adopt and reap the ease of using this practice in their working lives.
Overall, it’s clear that the benefits of implementing MFA far outweigh the risks of doing nothing. So, what are you waiting for?
Share this Blog post
Establishing Cyber Security Best Practice
Businesses are attacked by cybercriminals every day so it’s essential to protect your data. This post will help you to implement cyber security best practice.