What is MFA and Why Aren't Passwords Alone Good Enough?
If you’ve heard of Two-Factor Authentication (2FA), then you’re familiar with MFA. MFA, or MultiFactor Authentication, simply requires an individual to provide two or more credentials to authenticate their identity, thus adding an extra level of protection to user accounts.
Chances are, you’ve been using 2FA for some time, such as when you swipe your bank card at the ATM (Credential #1) and then enter your PIN number (Credential #2). However, your bank may require – or you may voluntarily have set up – MFA when logging into your bank account online. Here’s the scenario.
When you have MFA activated on an account, you will typically enter your username and password (Credentials 1 and 2). Then you will be asked for a one-time, time-sensitive code, which can be sent via text message to the phone number on the account, sent to the email on the account, or generated by an authentication app, like Duo or Google Authenticator. Once you’ve input the code through any of these means, you’re logged in and ready to go.
MFA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are, and it’s a necessary step in maintaining your online account security.
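Authenticator apps such as Google Authenticator generate these codes with the TOTP algorithm (RFC 6238). The sketch below is an added example, not code from any product named here: it shows the server-side check that makes a code both time-sensitive and one-time. The `TotpVerifier` class, its parameters, and the secret (the RFC 6238 test secret) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 test secret, used here as constructed sample input.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical per-account verifier: codes expire and work only once."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window      # tolerated clock drift, in time steps
        self.last_used_step = -1  # newest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for candidate in range(current - self.window, current + self.window + 1):
            if candidate <= self.last_used_step:
                continue  # this step's code was already spent: reject replays
            expected = totp(self.secret, candidate * self.step, self.step)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = candidate
                return True
        return False  # wrong code, expired code, or replayed code


if __name__ == "__main__":
    verifier = TotpVerifier(SECRET)
    now = 1_000_000
    code = totp(SECRET, now)
    print("first use :", verifier.verify(code, now))        # accepted
    print("replay    :", verifier.verify(code, now + 10))   # rejected
    print("stale code:", TotpVerifier(SECRET).verify(code, now + 120))
```

A password captured by a phishing page or keylogger stays valid until it is changed; a code checked this way is useless after one login or after the drift window closes.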
Biggest Threats Thwarted by MFA
- Phishing – Fraudulent tactic of sending emails to individuals in companies in hopes of obtaining information such as login credentials, credit card numbers, and personal information.
- Spear Phishing – Fraudulent tactic of sending emails to specific targets in hopes of obtaining company login credentials and/or payment information.
- Credential Stuffing – Using stolen credentials bought from criminals behind successful data breaches.
- Keyloggers – Obtaining your credentials by capturing your keystrokes.
- Vendor Email Compromise
- Business Email Compromise
MFA Helps Protect Your Accounts in 2 Major Ways:
1. It helps you detect if you’ve entered your credentials into a fake login site. Should you fall victim to a phishing email and input your credentials into a fake login site, you would notice something is strange if you didn’t receive your normal MFA request of either a text message or an email. This red flag should tell you right away that something is wrong and that your IT department needs to be notified immediately.
2. If using text message or email to authenticate, it will notify you if someone is trying to access your account using your stolen password. Since you – and only you – have access to your authentication app or device, cybercriminals who have obtained your login credentials and attempt to log in will trigger an MFA request because an unknown computer is logging in. That unexpected MFA request should raise that red flag and your IT department should be notified immediately.
Office 365 Account Compromise Statistics
Greater Rochester NY businesses lost a total of $1.2 million in direct wire transfers, gift cards, or ACH-related losses due to O365 compromises in 2016 alone. Those numbers have risen with the increase of cyber-attacks.
Data breaches caused by O365 account compromises:
• Are the most common O365 account compromises
• Result in massive productivity loss
• Severely damage your business’s reputation
• Cause cyber insurance deductibles and premiums to significantly increase
Criminals use successful Business Email Compromises for:
• Direct theft of funds through compromised credit cards, ACH numbers, wire transfer information, and other financial data.
• Vendor Email Compromise which can compromise and defraud an entire supply chain.
• Further attacks through phishing emails sent to email addresses found in your company’s compromised email account(s).
MFA Protects More than Your Business
MFA not only protects everyone associated with your business, it protects your entire supply chain and your company’s reputation. MFA is perhaps the easiest and arguably one of the most effective ways to reduce your risk of compromised accounts, not only for O365, but every sensitive account requiring a login – payroll, benefits, bank, etc.
Give us a call today to set up MultiFactor Authentication for your company. Let us protect your business and give you peace of mind.