
        Cybersecurity Awareness Month: Enable Multi-factor Authentication

        Published October 20, 2022 • By Tricia Scherer, Senior Technical Product Manager • Blog

        Why Multi-factor Authentication?

        Have you ever wondered what could happen if you don’t have multi-factor authentication (MFA) in place? Or perhaps you have seen incidents occur before MFA was implemented, or afterward because it was not deployed properly? Well, I can tell you from firsthand experience that ransomware as a result of phishing can be a consequence.

        Earlier in my career, I worked at an organization where we were weighing the costs and benefits of implementing MFA. During this time of analysis and decision-making, we were attacked by ransomware after someone clicked on a phishing link. Subsequently, to contain the incident, our Information Security engineers shut down the affected department’s network until we resolved the issue.

        This, of course, was not received well by the department, since they lost productivity as well as a bit of morale that day. So, this raises the question: how could this have been prevented?

        A 2021 Verizon Data Breach Investigations Report found that 61 percent of breaches in 2020 were executed using unauthorized credentials.

        How do we stop credentials from being compromised? Education via Security Awareness Training is imperative to teach your employees how to spot suspicious links in emails to avoid phishing attacks, recognize social engineering techniques, and understand that security is everyone’s responsibility.

        However, training and awareness are one layer of defense-in-depth protection. Automated and technical controls must also be in place so that breaches and malware can be prevented. One important technical control is MFA. Let’s dive into what exactly MFA entails.


        What is Multi-factor Authentication?

        At the most basic level, MFA is an authentication method that requires more than one distinct authentication factor for successful authentication.

        The three authentication factors are:

        • Something you know (such as a password)
        • Something you have (such as a token or cryptographic identification device)
        • Something you are (such as biometric authentication by fingerprint scan, retina scan, facial recognition, etc.)

        Essentially, authentication requires proof that users are who they say they are. MFA takes it a step further by requiring users to provide proof from two or more authentication factors before access is granted.

        MFA reduces the risk of security breaches and helps keep data and credentials safe by adding barriers that stop bad actors in their tracks. Even if credentials are compromised, it is extremely rare that a hacker also has a second or third authentication factor.

        MFA protects against phishing, social engineering, and password brute-force attacks.

        Benefits of MFA

        As mentioned before, training your users is essential, but adding MFA is one of the most effective technical controls in a layered security approach. Here are several key benefits that MFA offers:

        • Decreases risk from compromised credentials – since passwords may be the least secure form of authentication, MFA offers an additional factor to protect them.
        • Improves security – According to Microsoft, MFA can prevent 99.9% of attacks on your accounts.
        • Promotes regulatory compliance – certain industry and geographical regulations require MFA, including the Payment Card Industry Data Security Standard (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA).
        • Increases productivity through compatibility with Single Sign-On (SSO) – MFA can be integrated with SSO and embedded into applications. Users no longer need to create numerous unique passwords. Along with SSO, MFA reduces friction between applications and systems while verifying the user’s identity, saving time and resources and ultimately increasing productivity.

        By now, you can see just how beneficial MFA can be for your organization. With minimal investment, you can start protecting your data assets and adding preventive measures against the most prevalent attacks. Deploy MFA and add to your defense-in-depth security approach today. And, for greater visibility into your defense-in-depth security controls, implement the Reciprocity® ROAR Platform. With Reciprocity ROAR, you can connect your cloud hosting providers and collect evidence any time to ensure that MFA is enabled.

        Why not give it a try? Register for a FREE live demo to see ROAR in action.
