A Quick Guide to Multi-Factor Authentication

A Quick Guide to Multi-Factor Authentication

Multi-factor authentication (MFA) has rapidly become an essential component of cybersecurity. After the President signed an Executive Order late last year, Cyber Insurance plans in the US will require its usage. This is becoming a standard across other industries too. A recent report by the Identity Theft Resource Center shows data breaches have risen a record-high 68 percent in 2021.

The coronavirus (COVID-19) has increased the size of the digital workforce, which has made online risks even more prevalent. Complex passwords have historically been enough to protect users. However, Microsoft revealed they have over 300 million fraudulent sign-in attempts per day. They also claimed that 99.9% of account compromise attacks can be blocked with multi-factor authentication.

Table of Contents

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication, called MFA for short, is a two or more-step process to verify your identity. This is done by presenting at least two types of factors, such as a password and a time-limited passcode. The more factors used, the better the security.

How many types of MFA factors are there?

There are five types of factors:

    • Knowledge: Something you know, like a password.
    • Possession: Something you have, such as a passcode received via text.
    • Inherence: Something you are, which can include physical features.
    • Location: Somewhere you are, like connecting to a Wi-Fi network.
    • Behavior: Something you do, such as device usage habits.

Knowledge, possession, and inherence are the three most used factors. Location and behavior are less common but have continued to make advances. Some services have combined location and behavior into one entity: adaptive authentication. It uses artificial intelligence (AI) to assess risk through many observed factors.

What are some examples of MFA?

There are many examples of MFA. It combines two or more types of authentication factors, which can include:

    • Login with a username and password.
    • Entering a PIN.
    • Answering security questions.
    • Inputting a time-limited passcode received via text, phone, or app.
    • Getting a fingerprint scan.
    • Swiping a security card.

Login information, using a PIN, and security questions all act as knowledge factors. Time-limited passcodes, fingerprint scans, and security cards are possession factors. Through partners like Duo Security, it’s recommended to include at least one possession factor, which can be combined with other factors.

Why is MFA Important?

MFA is important because it increases the safety of your data by making it more difficult for outsiders to access. Online threats are becoming more sophisticated.  Rather than relying on one authentication method, it provides multiple layers of protection.

Is MFA effective?

MFA is an effective and fast way to improve the cybersecurity of your data, whether it’s for school, work, or personal use. By using more than a password, you can prevent most hack attempts. It’s considered the single easiest way to improve account security.

Attacks will commonly target usernames and passwords. They rarely factor in a secondary form of security. There are many ways that hackers can take advantage of security holes, but passwords are the most common source of problems. By adding additional ways to validate the user’s identity, a stolen password becomes less of a concern.

How do you set MFA up?

When creating an account, you may only need to submit one form of authentication, such as a username and password. Adding a second form of validation will depend on the account and the provider. You’ll frequently find options within your security settings.

If you’re having difficulty setting it up, check the FAQ associated with your account, or contact your local administrator. Third-party services like ITonDemand can also assist with MFA and other cybersecurity solutions.

Is MFA optional?

For US-based users that have Cyber Insurance, it will now be mandatory. It may not be required for those without insurance, but setting it up proactively will still decrease the chance of a security incident. It’s treated as essential even when it’s not legally enforced.

Closing

People often hesitate to embrace newer forms of technology and security. Authentication is no exception. A 2020 research study by CoreView Research reported that 97% of Microsoft 365 users don’t use multi-factor authentication. Meanwhile, 78% of Microsoft 365 administrators don’t have MFA enabled. While these numbers have likely improved, it shows that users and administrators alike have been slow to adopt it.

Considering the high risk of accounts that don’t have MFA, it’s not surprising that mandates would be utilized to increase the usage rate. It’s one of the quickest and easiest ways to add a proven layer of security. For keeping your data secure, it’s better to be proactive than reactive. Once it has been stolen, there is no way to take it back.

Other Articles You Might Be Interested In:

4 Ways to Travel Safe For Business

4 Ways to Travel Safe For Business

Working from anywhere is now as simple as accessing the internet on your device.  

Managers, owners, and employees are all embracing the flexibility of working while traveling, making it the new global norm. But while you were in the office, you were protected by professionally designed firewalls, security infrastructure, and robust software. 

As soon as you step away from the building, those protections disappear, leaving your device and the data inside at great risk. 

Cyber attackers love to collect any data they can obtain, often preferring to hack first, assess value later. It doesn’t help that almost all data can be sold, including your personal details, those of your clients and suppliers, as well as your proprietary business data. These days, the information stored on your device is usually worth much more than the device itself. 

Hackers don’t need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software. 

It’s okay, you don’t need to lock all employees inside the building or cancel all travel plans. 

1. Make a backup before you travel

Whether your employee left their laptop at a café or a thief stole their phone, the outcome is the same – that device is gone.  

Hackers will take advantage of any opportunity to gain access to a device, including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes to install spyware, before handing it back. 

In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.  

Your best strategy: develop a disaster recovery plan. 

If you have a business, it’s best practice to make sure all files on your employee’s devices are backed up in the cloud. If you use Microsoft 365, SharePoint is a great way to centralize your data. Staying proactive in storing data on the cloud will help you never worry about losing important information. 

2. Don’t use public Wi-Fi (use a VPN) 

We’ve all come to expect free Wi-Fi networks wherever we go. Hackers will take advantage of this trust to create their own free, unsecure network, just waiting for a traveler to check a quick email.  

Wait until you have access to a secure network before going online – even just to check your email. One way you can do this is by getting a VPN (Virtual Private Network) 

A VPN hides your computer, network, and in-house business applications. So you can browse your apps and the internet knowing you’re safe and secure from hackers. When you use a VPN, you can rest easy that you’re on a protected network. 

3. Have strong passwords and encryption 

At a minimum, make sure you have a password on your device, or even better, have full drive encryption. That way, even if your data storage is removed from the device, the contents are inaccessible. Some password laws to live by: 

  • 8 characters minimum 
  • Don’t use your profile or personal name in the password 
  • Use special characters (e.g. $!_123) 

Passwords are becoming progressively easier for hackers to breach. So the stronger you can make it the better. It’s also helpful to implement 2-Factor Authentication. 

4. Act fast after loss

Criminals are always looking for ways to steal your data for their own gain.  

If your device is lost or stolen, immediately notify the right people. This might include your IT provider so they can change passwords, your bank so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.  

If you want to travel safe, these 4 steps are a must-know. Remember, your data is your business and customers. Keeping it safe, secure, and proactive will help you sleep better at night. 

Want to start taking control of your security? Consider reaching out to learn more about ways your business can stay safe remote and in the office. 

Other Articles You Might Be Interested In:

How Integrated IT Solutions Can Help Your Business

How Integrated IT Solutions Can Help Your Business

With technology usage shifting, some business owners are struggling to keep up with all the changes. 74% of small to midsize businesses think effective use of technology is vital to growth. However, using technology effectively is not always that simple. IT problems...

read more
Top 15 Benefits of Managed IT Services

Top 15 Benefits of Managed IT Services

When running a business, information technology (IT) can be complex, time-consuming, and essential. However finding, hiring, and training qualified IT staff members has become more difficult than ever. With long hiring periods due to the specialization of the role,...

read more

Protect Your Shared Computer While Remote

Protect Your Shared Computer While Remote

Many families today have a shared home computer to help with day-to-day activities. A child has online classes to access for school. A teen can search for jobs and stream shows. A parent needs to check company emails and pay personal bills. With everyone working from home, the shared computer is getting a lot more use and the data is more sensitive to privacy concerns. 

Not every employee was lucky enough to get sent home with a business laptop. Some employers ask you to use your own computer. At the same time, you may also be accommodating for your kids who need to keep up with their online learning.  

Minimize Security Risks

Your shared computer can now present a cybersecurity risk. You may have important work documents on the home computer. You could log in to the business network unaware of malware downloaded onto your home device. Of course, that malicious software isn’t doing your home computer any favors either.  

With the entire family using the computer, make sure to set up virus protection on your home device. Additionally, you may set security patching and software upgrades to happen automatically. One of your young users could be seeing the message requiring an update and ignoring it. That leaves you unaware the software is vulnerable to bugs or threats.  

Set Up Personalized Profiles

Everyone sharing a computer puts your work at risk. You could have downloaded a spreadsheet containing employees personal identification information. That represents a compliance risk if another user accesses the document.  

Or you could lose hours of work. Someone else might drag that project you’ve been working on to the trash with a school assignment rubric. Our IT experts can set up different account profiles for each user. Doing this not only helps to secure your work from home but can also add protection for your kids.  

 The immediate appeal is personalizing the desktop for the individual user. Your kids can pick their own home screen backdrops and menu bars. You may not want a ton of programs clouding your home screen. For smaller children, you can make icons and text bigger. Personalization is a great bonus to adding users.  

Security advantages of these profiles:

  • Web filtering enables you to set rules to screen incoming Web pages. This can help avoid children seeing explicit content or accessing a malicious site. You might also limit Web browsing to particular sites.   

     

  • App limitations can ban kids from buying and downloading certain apps. For older kids, you could have parental permission first. 

     

  • You can set up Screentime limits for particular sites (e.g. Netflix or YouTube). Or allow young people to access online content only at certain hours of the day. 

     

  • Age restrictions allow you to filter mature content from search results. These also filter what apps, games, and media the young user can view or buy.  

Individual profiles also make it easier for parents to track online activity. Keeping your work and family safe during this remote environment is critical. Safety should always be top of mind.

Need help ensuring your remote team is secured? Call us at 800-297-8293 

 

Other Articles You Might Be Interested In:

How to Improve Your Laptop’s Battery Life

How to Improve Your Laptop’s Battery Life

Whether used for work or entertainment, laptops are a great option for combining productivity with portability. That’s expected to continue in the coming years, as more people buy them than desktop computers and tablets combined. They come with one notable drawback...

read more
9 Habits to Improve Your Cybersecurity

9 Habits to Improve Your Cybersecurity

Online threats are at an all-time high, making healthy cybersecurity habits more important than ever. According to a report by Risk Based Security, there were 28,695 vulnerabilities disclosed in 2021. They noted that even with resource prioritization, patching all...

read more

Keeping Your Remote Team Accountable and Productive

Keeping Your Remote Team Accountable and Productive

Digital technology is becoming the future for businesses. Yet, remote work hasn’t obtained widespread acceptance because of this question: how are businesses supposed to ensure accountability in this new work-from-anywhere environment?

COVID-19 forced many businesses to transition to a work from home environment. Whether business owners liked it or not, they had to go remote. Former critics of remote work are discovering the benefits. A lot of employees are enjoying the opportunity and want to keep doing it.

Due to the pandemic, technology and products have adapted faster to remote workplaces. Let’s dive into the best resources to ensure remote accountability with your team.

Top Tools for Remote Work Accountability

At the end of the day, employers need to trust their team. This is true whether they’re working on-site or from home. Still, supervisors can trust their employees easier with remote monitoring.

Team Calendars

Aligning your team’s calendars is a great starting point. Microsoft 365, Google’s G Suite, and other tools allow staff to share calendars. Your employees can schedule personal appointments and team-wide meetings. This enables your team to communicate their availability to you and your team. Managers can go online to track sales meetings, client presentations, or team sessions.

Project Management Software

Project management software is another way to stay up-to-date with your team. Teamwork, Basecamp, and Trello all offer a central location to collaborate. Employees can use secure software from anywhere to share files and interact. To improve accountability and responsibility sharing, individuals can set deadlines and create tasks.

Messaging Platforms

Businesses can also use messaging software to keep everyone on the same page. These communication tools provide for one-on-one messaging and group chat. It’s easy to send a quick note asking someone for a status update or to check-in. Some tools also allow individual and team audio calls as well as video conferencing. Some common tools are Microsoft Teams and Slack.

Cloud-Based Office Software (Document Collaboration)

For remote collaboration, also use cloud-based office software. Having the ability to collaborate on company documents without email is key. Microsoft 365 and G Suite enable many users to go online and work on the same things at the same time. This lets managers view shared documents and verify progress. It’s also possible to invite clients or external accounts to access these files. Be cautious when doing this for security reasons. Contact us for examples of how Managed IT can save you time, money, and sleep better at night. 

Remote Security

Security is another reason businesses are resistant to remote work. But technology is keeping up.

Security software is a must-have for all businesses. Educate your employees about cybersecurity best practices. Requiring antivirus and malware upgrades. Limit external sharing and enable multifactor access. There’s a lot of ways you can help make remote work viable, reliable, safe, and secure.

Managed Services Provider

Need help installing or implementing remote work tools? A managed service provider can help. Or our IT experts can put in place the administrative controls you need to help secure work from home. Let us provide the IT help you need.

Contact us today at 800-297-8293! Feel free to download our eBook – completely free and learn about what Managed IT could do to help your business thrive.

 

Download the Free eBook:

4 Signs You Need a Managed Services Provider

Other Articles You Might Be Interested In:

How to Improve Your Laptop’s Battery Life

How to Improve Your Laptop’s Battery Life

Whether used for work or entertainment, laptops are a great option for combining productivity with portability. That’s expected to continue in the coming years, as more people buy them than desktop computers and tablets combined. They come with one notable drawback...

read more
9 Habits to Improve Your Cybersecurity

9 Habits to Improve Your Cybersecurity

Online threats are at an all-time high, making healthy cybersecurity habits more important than ever. According to a report by Risk Based Security, there were 28,695 vulnerabilities disclosed in 2021. They noted that even with resource prioritization, patching all...

read more

5 Steps to Prep Your Business for Work-from-Home Scenarios

5 Steps to Prep Your Business for Work-from-Home Scenarios

As we all know in a mid-pandemic world, flexibility in the workplace is key to maintaining business continuity. Having made it through almost a year with requirements to work-from-home, some organizations were prepared, and some weren’t.  Somehow, we’ve all muddled through and learned to adapt throughout this public health crisis.  

To help you prepare for another work-from-home scenario, here are 5 steps to get your organization moving in the right direction! 

#1 Perform a GAP Analysis

Determine what didn’t go smoothly with your staff during the work-from-home order.  

Now that the dust has settled, look at what did and didn’t work. Analyze how you will manage another work from home order or look for ways to minimize your office footprint with a larger work-from-home mandate within your company. According to a Global Workplace Analytics report, “Our best estimate is that 25-30% of workforce will be working-from-home multiple days a week by the end of 2021.” 

Here are a few questions to get you started. 

  • Did your staff have any issues with Email? 
  • Did your staff have any issues with accessing company files, applications, or databases? 
  • Did staff have any issues with home computers not supporting company needs? 

If you answered yes to any of these questions, I highly recommend talking with your IT Team or scheduling a time with one of our IT Consultants to see how we can help. 

Most of the issues listed above are caused by outdated technology solutions, as it relates to work-from-home best practices. We highly recommend leveraging the Microsoft 365 and Azure ecosystem to support a smoother work-from-home experience.  

#2 Define a Solution 

If internal IT staff is unfamiliar with this type of transition, we highly recommend finding an outsourced IT firm that specializes in this.  

After you’ve spent some time defining what didn’t go well, it’s time to develop a strategy and solution to prepare for your transition. Although this transition will look different for every organization, it’s important to ensure any changes move the organization closer to acceptable WFH standards.  

What are the main elements that need to be considered when developing the right solution for your organization?  

  • Email – Where is it currently, if still in-house, move it to a cloud-hosted solution 
  • Company Data – Where is it currently, if still in-house ensure a solid remote access solution is in place or move it to the cloud 
  • Applications and Database Systems – Is a cloud version available through your software vendor; if so, you should look to migrate to a cloud version, or possibly migrate the server to a cloud-hosted provider 
  • Aging infrastructure with planned upgrade within the next 2- years – If you have plans to upgrade servers and networks soon, it is recommended to look at full cloud solutions 

When deciding on a solution, security should be top of mind. As systems move more to the cloud for anywhere access, security becomes a bigger threat.  

All elements listed can be remedied through the Microsoft 365 and Azure ecosystem. 

#3 Develop a Plan 

By this step, you should be working with an experienced and credentialed team who will guide you through the migration strategy 

With your solution defined it is important to take it slow and plan. Use a steady approach to deploy new systems and ensure staff is sufficiently trained to easily move to a new model for remote work. Whether through a remote desktop session or through a remote work laptop, ensure each user and their use cases are defined and accounted for in preparation for staff migration.  

#4 Implement the Plan 

Implementing the plan itself can be the hardest part, as it requires communication on all fronts for a smooth experience 

As you work with your IT Team and staff to implement the plan, it is important to engage all staff stakeholders, as they all play an integral role in staff adoption and provide an added layer of training within your staff post-implementation.  

#5 Assess and Remediate 

Sometimes everything doesn’t go as planned, so it’s important to work with staff, stakeholders, and your IT Team to recognize and resolve issues ASAP 

Maintaining order while resolving pain points as soon as possible post-migration is ideal for recognizing things that didn’t go as expected or where the staff still need a little more training to properly use the new system.  

If you have any questions about it or would like to see how we can help you move to a more Work-from-Home World, Contact Us! 

Other Articles You Might Be Interested In:

How Integrated IT Solutions Can Help Your Business

How Integrated IT Solutions Can Help Your Business

With technology usage shifting, some business owners are struggling to keep up with all the changes. 74% of small to midsize businesses think effective use of technology is vital to growth. However, using technology effectively is not always that simple. IT problems...

read more
Top 15 Benefits of Managed IT Services

Top 15 Benefits of Managed IT Services

When running a business, information technology (IT) can be complex, time-consuming, and essential. However finding, hiring, and training qualified IT staff members has become more difficult than ever. With long hiring periods due to the specialization of the role,...

read more