Unfortunately, the days of a username and password being a secure way to protect your systems are well and truly behind us. Cyber criminals are resourceful people and have all sorts of ways of stealing your password, one of the most common being to convince you to give it away.

We’ve seen this very recently with a customer where one compromised email address led to over 7,000 emails being sent out to their customers and contacts. This had an immediate financial business impact, as well as damage to the brand. Brand damage is hard to put a figure against, but it will almost certainly lead to future lost business and who knows what revenue that may have generated.

There are also plenty of times when it may not be your fault. Barely a month goes by without another online service announcing it has been breached, resulting in thousands of usernames and passwords being stolen. These credentials are then sold for as little as $1, or even given away, and because so many passwords are re-used across systems, access can quickly be obtained to something much more valuable than the service that was originally attacked.

Given this threat, a second layer of security should be added to any system or service you access using a username and password. This is known as Multi Factor Authentication (MFA), where a combination of your username, password, and something physical you have, provides access. This means that when a cyber criminal obtains the first two parts, your username and password, they still can’t access the system. MFA systems aren’t new and it’s highly likely you’ve been using one for online banking for years.

Many businesses resist MFA solutions because they’re seen as making the use of IT harder. However, a carefully implemented MFA solution can become a seamless business process, designed with specific business requirements in mind. Customisation can include such options as:

  • No requirement to use personal devices as the second factor

  • Only require MFA when working away from the office

  • Require MFA when not using a business owned device

  • Enforce extra MFA steps if passwords are shared on the dark web

  • Enforce extra MFA steps if signing in from a different country

Most business systems and almost all cloud-based systems support the use of MFA. Unfortunately, take-up is low. One of the biggest cloud systems on the planet, Microsoft 365, has fewer than 20% of users protected by MFA. The good news is that, in the past 18 months, Microsoft has seen a 220% increase in strong authentication usage as companies have thought about increasing their security posture in a remote work environment.

MFA solutions do not require huge investments, and one may already be included with the systems you’re using and simply not have been enabled. To learn more about how Koris365 can implement a custom MFA solution for your business, please get in touch with a member of our team.
