Each time we register for an online service, there is typically a prompt that asks the user if they would like to set-up multi-factor authentication (MFA). MFA adds an additional layer of protection against unwanted intrusion and access to your data, whether that is sensitive information about your firm or your firm’s clients and vendors.
MFA works by requiring multiple forms of verification to prove one’s identity in order to gain access to a specific network. Once a user has entered their username and password to login to a network, an MFA prompt appears that requires a code or digital token to be entered, which is provided by a secondary trusted device or authenticator application. Some MFA applications will use a randomly generated code or use biometrics such as a fingerprint or face recognition key which ties the verified user to the network.
MFA is important for all business systems across your firm’s digital infrastructure, including email, applications in which funds are transferred between accounts, as well as internal and third-party services. And while MFA may seem like a minor inconvenience to the user to have to input an additional code to access their network, this minor inconvenience also applies to bad actors looking for easy vulnerabilities who generally look for single factor authentication such as a basic username and password login as an easy target.
MFA and Insurance
From an insurance coverage standpoint, many cyber insurers will look for confirmation of MFA as a key control and is often needed in order to secure coverage. Those looking to purchase cyber insurance should also consider having defensive software in place and perform regular patch updates (you can learn more about defensive software by clicking here: Detect, Protect, Remove. Safeguarding your Data with Cyber Software – Purves Redmond Limited).
Firms should work with their IT department to ensure MFA is set-up for all employees across all systems that have access to sensitive data or securities. MFA is a simple yet effective way to deter bad actors from trying to breach a network and can give you and your firm peace of mind that there is an additional layer of security. For the end user, MFA in combination with a strong password in place will help mitigate the chance of a breach and subsequent claim.
For more information on Multi-Factor Authentication, contact:
Chris de Sousa Costa, MBA // 647.242.7469 // cdesousacosta@purvesredmond.com
Works Cited
Maynes, M. (2019, August 20). Microsoft. Retrieved from https://www.microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
