Triskele Labs Blog

The right way to use multi-factor authentication in your cybersecurity strategy

Written by Nick Morgan | Apr 30, 2020 10:05:00 AM

Multi-factor authentication (MFA) is one of the primary tools cybersecurity specialists leverage to protect access to sensitive information. Given that MFA is essentially a mechanism in which you go beyond the two credential checks inherent to 2-factor authentication (2FA), it’s generally considered a more robust way to protect your resources.

2FA is commonly used for certain routine activities like checking your bank balance, logging into certain social media platforms, or even placing orders for food, where, in addition to entering your password, you’re also prompted to enter a one-time password, which is usually sent to your phone.

Since business systems often need to go beyond 2FA, MFA is the preferred method of ensuring that only authorised personnel have access to certain types of data. 

HOW DOES MULTI-FACTOR AUTHENTICATION WORK?

As you may already know, MFA is a mechanism through which you require multiple credentials from users trying to access certain business-related systems or data. These can take various forms and include, as mentioned above, passwords, OTPs, hardware tokens, biometrics and other types of data.

MFA IS IMPORTANT REGARDLESS OF HOW BIG OR SMALL YOUR OPERATIONS ARE

Cybercriminals these days are more ruthless than ever before and will not hesitate to attack small to medium-sized businesses because they know they’re likely to have minimal security in place. 

In fact, according to Verizon’s Data Breach Investigations Report from 2019, 43% of cyber attacks target small businesses.

While 2FA is pretty secure, MFA is more so. As a small business, if you’ve had repeated hacks or other security violations despite having 2FA in place, multi-factor authentication can add an extra layer of security. This may help you prevent more entry-level attacks.

MAKING QUICK WINS WHERE YOU CAN

Certain service providers like Google, PayPal, and Dropbox facilitate MFA mechanisms and make it easier to incorporate this level of protection in basic business functions including invoicing and payment, communication, and data transfers.

Wherever multi-factor authentication is available, make it a part of your security protocols so you can apply easy fixes to larger, more insidious problems. According to Microsoft, multi-factor authentication bypass attacks are so rare, there aren’t enough statistics on them!

EDUCATE YOUR EMPLOYEES ABOUT THE IMPORTANCE OF MFA AND HOW TO USE IT

It’s all too easy for top management to announce sweeping security changes in an organisation. While these intentions stem from valid goals and objectives, failing to make employees understand why they are necessary or how they should be using mechanisms like multi-factor authentication can impact the effectiveness of these measures.

As part of your efforts, make sure that your MFA mechanism alerts users when their credentials are used to gain access to a certain system or data, issues login alerts (whether successful or not), and triggers other personalised notifications, which will help reinforce how important it is to secure individual access to business resources. This empowers employees to take company security seriously. 

LEVERAGE MFA INTELLIGENTLY - DON’T ALLOW IT TO DISRUPT YOUR OPERATIONS AND FUNCTIONS

Another consideration you need to balance carefully is productivity and smooth functioning. While multi-factor authentication is a powerful cybersecurity tool, it must not make life more complex or difficult.

One way to go about this would be to determine where MFA is required and how frequently it is prompted. You will also need to make this experience as hassle-free as possible, perhaps by asking employees to download certain MFA apps like Google Authenticator, which are easy to use and require little to no training to become familiar with.

This way, you make these mechanisms a more natural part of the employee experience and thereby make it more likely that your teams stick to the security protocols in place.

PROTECT YOUR BUSINESS RESOURCES EFFECTIVELY WITH BASIC SECURITY MECHANISMS

While a business’s cybersecurity strategy is always a mix of complicated, technical systems and various human-focussed security protocols and mechanisms, multi-factor authentication is something that’s easily understood and implemented.

Speak to experienced security consultants who can add value to your business by recommending MFA policies and other best practices.