As technology advances, so do the methods cybercriminals use to attack your systems. To protect against the increasing threat of cyber attacks, more businesses are giving priority to protecting their information. One simple yet extremely effective method for protecting your systems is to use multi-factor authentication, or MFA.
Overview of Multi-Factor Authentication (MFA)
MFA is a security measure that requires multiple types of credentials to verify a user’s identity to access an account. So when a user logs into an account with a username and password, one or more other factors will also be required before allowing access.
The key that makes MFA really effective is requiring information that hackers are not likely to have. They may be able to steal your password and login information, but it’s not as likely that they’ll have access to your phone, and it’s nearly impossible for them to obtain your fingerprint.
That’s why MFA requirements will often involve using an app on your phone to generate a one-time code, using a physical key fob, or using biometrics such as fingerprints or facial recognition.
How MFA Protects You
Microsoft reported that MFA can prevent over 99.9% of account compromise attacks. With such a simple tool yielding such an effective result, there’s no reason for any business or employee not to be using MFA.
To fully understand how multi-factor authentication works, it’s useful to first be aware of how hackers attack. So, here are some common cyber attacks that rely on basic login information:
- Phishing: Often disguised as a trusted organization, the attacker delivers a message to a list of phone numbers or email addresses, usually with a call to action which requires login information and a fake website where the user is expected to provide that information.
- Spear Phishing: This is similar to phishing, but it is targeted at a specific group of people using personalized messages. Hackers may glean information from social media accounts or other sources to personalize these messages and make them appear more trustworthy.
- Keystroke Logging: The attacker installs a program (usually a virus) that captures keystrokes from the user’s computer, including passwords, sites visited, and usernames.
- Credential Stuffing: The attacker relies on the user repeating usernames and passwords to log into their applications and sites. They attempt to use one set of stolen credentials to gain access to additional sites and programs.
- Brute Force and Counter Brute Force Attacks: The attacker uses software to rapidly test a variety of common credentials (e.g., Password123) in an attempt to gain access to sites and applications.
- Man-in-the-Middle Attacks: The attacker accesses a user’s connection to another party, then either observes the interaction or redirects the connection to a fake site where the user will enter their login information.
Each of these common attacks is focused on obtaining a user’s username and password. However, when using MFA, even if the hacker obtains your username and password, he won’t be able to obtain your MFA code unless he also carries out a sophisticated attack like swapping your phone’s SIM card or intercepting and decrypting your connection to the website.
Increasing Cyber Attacks and Security in a Digital Age
According to a study from the University of Maryland, there is a hacking attempt every 39 seconds, affecting one in three Americans every year. And 43% of all cyber attacks are directed at small businesses.
These numbers only prove that the digital age, with all its advantages, has also introduced greater risks, and both businesses and individuals must go the extra mile to protect themselves.
Due to the current pandemic, remote work is rapidly becoming the order of the day and, unfortunately, has become a focus for hackers. That is because, without secure connections set up before going remote, employees’ devices and networks are more susceptible when they’re not under the protection of in-office systems. And just during the first month of the COVID-19 pandemic, the FBI reported a 300% rise in reported cybercrime.
With this sobering information in mind, you should ensure that your business prioritizes security over convenience when it comes to using MFA and other security measures.
Don’t Leave Your Business Unprotected
No matter what industry you’re in, you need a strong cybersecurity plan in place to protect your information and assets. Multi-factor authentication is an extremely important first step, but there are also other ways hackers can access your business if you’re not careful.
Corsica Technologies provides comprehensive cybersecurity, including security awareness training that educates employees on secure practices such as recognizing phishing attacks, using strong password practices and multi-factor authentication, and more.
Investing in your cybersecurity is an investment in the future of your business, and multi-factor authentication is one such investment that’s a no-brainer.
Ross is the CISO at Corsica Technologies. He has achieved CCIE Security and CISSP certifications, an MBA from the University of Notre Dame, and has 20 years of experience in the fields of computer and network security engineering and consulting. Ross provides virtual CISO services for clients and helps them to identify information security risks and implement administrative, procedural, and technical controls to mitigate them. He works effectively with both technical and managerial personnel and is a trusted resource for our clients.