Making the Case for Multi-Factor Authentication

[Editor’s Note: Especially in the past few years, cybercrime has skyrocketed at an alarming rate as criminals increasingly find opportunities to target businesses, causing unimaginable chaos from data breaches to attacks on the supply chain. To help businesses shore up their digital defenses, we’re publishing a 5-part series about cybersecurity, covering topics from the benefits of the cloud to multi-factor authentication. In part 2 of this series, we look at multi-factor authentication and why it may work for your business. To view the other parts of this series, scroll down to the end of this article.]

Making the Case for Multi-Factor Authentication – Part 2 of 5

While it's an accepted fact that adding multi-factor authentication (MFA) to your network login can make it more difficult for cyber attackers to infiltrate your network, not every organization has embraced MFA as a practice.

Some have cited the hassle of adding an extra step and device, like a smartphone, to the login process. Still, others have resigned themselves to the notion that usernames and passwords are good enough.

To help you make the best decision for your organization, we'll explore what this security tool is for and how you can incorporate it into your operations.

A Brief History

Multi-factor authentication adds one or more steps to a login process that further identifies the user as authentic. The concept, around since the early 1960s, became prevalent in the digital age with the rise of cybercrime.

MFA blocks cybercriminals and other unwelcome intruders because it's based on user-specific traits or information that attackers don't have, such as:

• The user's smartphone and phone number.

• The user's fingerprints.

• System information only the user knows.

If you conduct your banking or other financial business online, you have likely received a verification code (a form of MFA) via text when you logged into your account.

According to Info Security Group, there's considerable evidence that MFA works, as this additional step can prevent up to 90% of cyberattacks.

Strong Passwords Don't Always Hold Up

Passwords are the first line of defense against cyber attackers. However, they're only as strong as they are complex. And even strong ones can be cracked by experienced and motivated hackers.

Furthermore, adding special characters, numbers, and punctuation doesn't change the fact that hard-to-remember passwords often get written down on Post-it notes where anyone can obtain them.

Employees are also known to share passwords. Additionally, they can forget to update them, putting your network security at substantial risk if that oversight results in these keys to your organization falling into the hands of cybercriminals.

Cost and Hassle

As MFA evolved, some arguments against the practice surfaced for reasons that are easy to understand. First, the cost of adding more equipment to the mix, such as tokens, made the practice prohibitive for smaller businesses. This article on Toolbox takes an in-depth look at costs.

End-user resistance to the hassle of logging in or keeping tabs on the hardware required provided an additional basis for businesses to resist, as outlined in this piece by TypingDNA.

However, as with any evolving technology, these issues have since become more manageable. The prevalence of smartphones, a primary MFA vehicle, has helped mitigate hardware costs. And as cybercrime statistics have risen, the case for MFA has only strengthened.

Scale Has an Impact

As expected, the size and scale of your operation can impact the cost and ultimate decision to adopt MFA.

For some companies, MFA may only make sense for employees in remote locations. For others, it may include employees with privileged access, such as system administrators or users who have access to significant resources or other sensitive information.

The nature of your industry can also have an impact. Suppose your data banks contain sensitive information like customer credit card numbers. In that case, you may be more inclined to adopt MFA than a business with little that cybercriminals consider of value.

The encouraging news is that several resources are readily available for businesses seeking MFA systems and solutions. These range from no-cost, no-frills options with minimal protections to fee-based solutions with promises of ironclad security. An online search of MFA providers reveals many.

External Factors to Consider

Your business or industry may be held to certain legal and compliance standards that can impact your decision to adopt MFA.

Whether it's mandated, suggested, or simply an issue for consideration, MFA is a risk-based decision that weighs implementation costs against the financial impact of a data breach or compromised network.

Not lost in the equation is the impact these outcomes could have on brand perception, customer trust, competitive position, and other factors you may want to consider when making your decision.

Cybersecurity Series:

Part 1: Ransomware: A Prescription for Prevention

Part 3: Protecting Your Cloud-Based Enterprise: It’s Everyone’s Responsibility

Part 4: The Hidden Risks of Mobile Devices and Removable Media

Part 5: Protecting Your Remote Workforce from Cybersecurity Threats