Cybersecurity can seem overwhelming at times. It’s constantly changing, and new threats are popping up seemingly every day. Your business needs a layered security solution to stay safe. The challenge is that security done wrong can be so cumbersome that users try to find a way around it. This can frequently be more insecure that not having the solution in place at all
Our goal is to limit the impact any one cybersecurity layer has on our clients. However, in some situations it does require buy-in from our client base. Multi-Factor Authentication (MFA) is a perfect example of this. This is one of the few layers that will require the user to participate.
What is Multi-Factor Authentication?
In the past, a username and password has been somewhat sufficient to protect your accounts. However, more data is ending up on the dark web and easily accessible to the bad actors.
MFA is a second form of authentication to login to your account, rather than just your password.
While this may sound cumbersome, we make this easy.
After implementing the rule that all users must have MFA, they will be prompted to set up a second form of authentication.
There are multiple options to choose from:
- Authenticator App – Preferred Method
- Text code to their phone
- Call their phone
- USB Key – For organizations that do not have company owned mobile devices or do not want employees using personal devices to authenticate
The user will just need to set up their preferred method and go through the prompts. This process is usually quick and easy, but we are here to help if they run into any roadblocks.
The Authenticator App:
This free app can be downloaded on any IOS or Android device. The user will be prompted to “add and account” and scan the QR code that is displayed on their computer screen. This will pair the app with their account.
User Experience
With this enabled, the user can now easily log in to their Microsoft 365 account but with significantly enhanced security on their account and your organization.
They will be prompted every single time they login to a new device. However, their primary device will be remembered so it will not prompt the user every time, making it less intrusive. The primary concern is a login on a new device, which is why the policy is laxer for the daily/weekly use computer.
Your question may be, how long does it take?
3-5 seconds. It’s really that quick. Made that way on purpose so that it’s simple enough users will easily adopt it.
The Benefits of Multi-Factor Authentication
There are few cybersecurity layers that have such a massive impact. According to Microsoft, 99.9% of account compromise attacks can be prevented with this enabled.
This statistic may have changed in the last few years since it came out. Bad actors have worked to develop new ways to circumvent MFA. However, MFA is still an effective tool to help keep your Office 365 accounts safe. With more data than ever moving to the Microsoft platform, MFA is no longer a recommendation but a requirement.
Another Part of the Why
In 2024 business email compromise attacks have surpassed ransomware as the number one cyberattack on businesses according to recent statistics.
Bad actors will work to compromise your email, and then mine it for information. They find out who your clients are, and are famous for intercepting large invoices, emailing your customer from your account, and telling them that your baking information has changed. They should wire payment to a new bank account. It’s a simple but effective scam and has been used to rob many businesses.
MFA is one of the layers of protection that will help defeat these attacks. It’s also recommended that you have cybersecurity awareness training, a quality email security suite, and policies in place that protect wire transfers.
With a layered approach like this your business will be as safe as it can be. MFA is where it all starts.
Time to get started
If you’re ready to up your security game and get MFA in place, we’re ready to help. i.t.NOW has a team of cybersecurity experts that can help implement MFA and other critical cybersecurity solutions. Call us today for a free security evaluation!