Is Multi-Factor Authentication the Backbone of Future IT Security Protocols?
Every small-to-medium sized business owner needs a strong IT security protocol for accessing internal networks, Wi-Fi networks, and even basic email accounts. A business needs strict control over how their networks and accounts are accessed to prevent unauthorized access and disclosure of sensitive data.
Each new data breach is a reminder that a secure password isn’t enough to protect your company’s data. For instance, if an employee uses the same password for Twitter and their company email account and the Twitter password is leaked in a data breach, their company email account is automatically compromised.
Unfortunately, data breaches have become more frequent than ever, with more than 3,800 publicly disclosed breaches exposing 4.1 billion records in the first six months of 2019. Many of these data breaches could have been prevented or thwarted with multi-factor authentication (MFA), also known as “two-factor authentication” or 2FA.
Multi-factor authentication is highly secure
Using multi-factor authentication goes a step beyond using a password. The National Institute of Standards and Technology (NIST) describes multi-factor authentication as “a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account.”
The NIST explains how these credentials work. “Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.”
MFA is one of the strictest IT security protocols around. If a person doesn’t have access to all required accounts or devices, they can’t log in even with the correct password. For instance, Google allows users to enable two-factor authentication, which requires a password and a code sent via text message to log in. Without the code, a correct password won’t log you into the account.
Many online services offer users the option of turning on MFA, but it should be a requirement, especially among small-to-medium sized businesses. Even trustworthy employees put company data at risk by accessing the company network on an unsecured public Wi-Fi network or by allowing someone else to access their computer.
Requiring MFA with clients, contractors, and vendors
MFA should always be used to protect highly sensitive data. If your employees are allowed to access a company account or network from a remote location, they should be required to complete two-step verification. Even when your employees can only access the company network from within the office, you should enable MFA. An unauthorized user might successfully spoof your company’s IP address and gain access to company data.
Using MFA to lock down security also applies to interactions with other businesses, contractors, vendors, and clients. Say you hire a contractor to update your website via FTP and they store your login credentials in their browser. If their computer gets stolen or the browser’s cloud data is compromised, access to your website will also be compromised. Requiring two-step verification for FTP access is the only way to protect your data when an unauthorized third party gets ahold of valid credentials.
Encryption plus MFA for FTP access equals secure data
Your company data is much safer when you have an SSL certificate for encryption and two-factor authentication for all FTP users. If you run your own server, you can install 2FA software called WiKID or you can move your web hosting account to a dedicated server provided by a hosting company that enables two-factor authentication via SSH.
Who uses MFA?
Several industries have been using MFA for decades, the financial industry among them. If you’ve ever used a debit card, you’ve used 2FA: a physical card plus a PIN. Although it’s an option, 2FA isn’t required for logging in to most online bank accounts. Soon it will be a requirement.
2FA is also used in the U.S. military via the Common Access Card (CAC) to provide military personnel with access to buildings, controlled spaces, and DoD computer networks. Law enforcement agencies require 2FA verification when an officer accesses the NCIC database from a mobile device or unsecured location.
Bank of America specifically uses MFA for higher-value transfers. Other notable companies using MFA include Amazon Web Services, Facebook, GitHub, Microsoft, Apple, and Charles Schwab. You don’t need to be a major corporation to benefit from using MFA. In fact, statistics show that 43% of cyberattacks are aimed at small businesses and, unfortunately, only 14% of those businesses are prepared to defend against an attack.
In 2018, more than half of all small businesses suffered a data breach and each attack costs an average of $200,000. After a data breach, 60% go out of business. The problem is bigger than it seems. Eventually, every organization’s security perimeters will be breached; it’s simply a matter of when.
Although some businesses currently provide MFA as an option, it’s only a matter of time before MFA becomes the gold standard in IT security.
Keep your IT systems secure
Managing IT security is complicated. If you’re going to keep your data secure with MFA, it’s crucial to start with secure IT infrastructure, including a secure network monitored around the clock. At Bluetowne, we can monitor, manage, support, and maintain your IT infrastructure regardless of location, whether it’s on-premises, in the cloud, or at a data center colocation.
Our network security experts will implement industry-standard protocols to detect and prevent intrusions, encrypt end-point storage and email, inspect applications, and provide gateway threat protection. We will monitor your IT infrastructure 24 hours per day and continuously collect and process data to make sure your network remains secure.
We can be your in-house IT department or support your existing team. We’re focused on providing remarkable customer service and want to help you create and maintain secure IT infrastructure efficiently and cost-effectively.
If you’re tired of paying too much for IT management, talk to us about our managed IT services and find out how we can help.