With cybersecurity threats as prevalent as they are in today’s society, multi-factor authentication (MFA) is an absolute must. It’s importance really can’t be overstated given the base levels of protection and security it gives a business. MFA (most commonly in the form of two-step authentication) is a security protocol whereby user access is only granted after an additional piece of authenticating knowledge is provided. Most often, this comes in the form of an SMS message with a code, or an email verification. The team here at Nutbourne, a managed service provider in London, wanted to explain just why this simple set-up is so vital in modern society.
Because It’s Needed!
The simplest reason we advocate the installation of MFA is because it’s needed. According to a report by PwC, only 39% of global executives feel confident in their cyberattack attribution capabilities. These board-level concerns are legitimate, too; Terranova’s 2020 annual “Gone Phishing” tournament (an event aimed at leveraging real-time phishing data and boosting corporate awareness surrounding the issue) finding that very nearly 20% of the participating employees still clicked on malicious phishing links.
The event’s corresponding report also found that between January and March 2020, the number of blocked suspicious messages targeting remote workers increased by an almost inconceivable 30,000%. So, in other words, MFA is needed. If employees do fall victim to a phishing attack, then that hacker still won’t have access to the actual user’s facial recognition or (less dramatically) the answer to their security question, for instance.
The Main Benefits Of Multi-Factor Authentication
Clearly, then – in broad terms – enhanced security is one of the main reasons to implement multi-factor authentication. More specifically, though, it protects often overlooked aspects of a network (such as business applications and emails) whilst also alerting users to threats; if MFA is enabled and a hacker attempts access, the employee who receives the second authentication factor will then be able to report the details of that attempt on to their IT security team. In theory, this means that with an MFA strategy in place your network should be continuously becoming more secure.
What Are Some Of The Different Factors That Can Be Used?
The central tenet of multi-factor authentication is establishing user identity, and there are several ways this can be ascertained:
Something Only The User ‘Has’
This additional factor pertains to some piece of physical security evidence on the user’s person. It might be a unique USB drive or a specially made security token, a wireless key card or something else. The main benefit of these hardware tokens is that a hacker has to be in physical possession of them. This means that no matter how proficient they were, they’d be stumped without it. The flipside of this, of course, is that it can be less practical; it relies on the user always remembering to have it on them and issues can be caused if ever these security tokens are lost.
Something Only The User ‘Knows’
Knowledge factors include the classic passwords, pin numbers and security questions. They’re the most commonly used form of authentication worldwide. There’s a lot of variability in terms of the efficacy of knowledge factors; much of it depends on the thoroughness of an individual user. One person might set an incredibly complex alphanumeric password. Another, however, might use a security question that’s easily researchable or guessable.
Something (Or Somewhere) Only The User ‘Is’
This factor centres around specific aspects of a user – iris recognition, for instance. Other examples of this ‘inherent’ authentication include fingerprint, vocal and more general facial recognition. Increasingly, GPS location is also being used as an authenticating factor within multi-factor authentication.
Implement It Right And Reduce Friction For Employees
There’s no getting around the fact that MFA is a (in our view imperative) additional step. It’s another layer for employees to have to deal with. Although it’s not much more effort, there’ll always be those who buck against change. To mitigate any potential pushback, offer a variety of factors so that employees can use which factor best suits them, and critically, have a support plan in place so that if anything should go wrong, it can easily be rectified. The last thing you want is for your employees to deem MFA even more onerous a process as a result of a lack of support.
So, if you’d like to find out more about our cybersecurity services or our work more generally as a London managed service provider, then get in touch! Contact Nutbourne today on +44 (0) 203 7273 or by filling out an enquiry form on our website.