Passwords are meant to protect your valuable business information from hackers, but unfortunately you can no longer rely on passwords alone!
The Trouble with Passwords
In fact, most security professionals view passwords as the weakest link in the security chain, for a couple of reasons. For starters, we often choose weak passwords.
Guess what the most popular password was in 2020?
123456. Yeah, not great!
We also tend to share them with colleagues, write them down on yellow sticky notes, use the same password for multiple applications, and neglect to change them (unless forced to by automated reminders.)
In fairness, most employees do their best to adhere to company password security guidelines, but they’re still human – which means they make mistakes.
Spear Phishing Emails are Your Worst Enemy
Even when we do follow password best practices, we’re still at risk.
That's because hackers have become super sophisticated at stealing user credentials, primarily through a tactic called spear phishing.
Spear phishing is a common type of cyber attack in which the bad guys craft detailed, targeted email messages to a specific recipient or group. The goal is to convince users to click on a malicious link or attachment and fool them into providing sensitive information such as passwords.
These emails are getting harder to detect, and are often disguised as pay raise notifications, employee satisfaction surveys, rewards programs and other legitimate looking requests.
Worse, at first glance they will appear to be from a colleague, a boss, or a partner, making it hard for busy employees to catch that its actually a phishing email.
(Note: Don’t forget the importance of Phishing Prevention Training for your employees. It’s another important piece of your cybersecurity practice to go along with an MFA program that helps keeps hackers out!)
Stop Hackers in their Tracks with MFA
Stolen usernames and passwords are one of the top causes of security breaches in the United States, and as mentioned, they’re primarily retrieved through phishing emails. Once an unsuspecting user clicks on phishing link, the hacker is now able to gain access to the organization and deliver the malicious payload which is frequently ransomware.
MFA based authentication is simple to use, extremely cost effective (think a couple of bucks per user) and yet surprisingly, the majority of small to mid-sized organizations still don’t use it!
How Does Multi Factor Authentication Work?
Multi factor authentication makes sure that only verified users can access online applications by requiring an extra form of authentication, e.g. not only a password, but an additional "factor" which is typically something the user has on them, such as a smartphone.
As an example, after a user enters their name and password to access an online business app, they’ll be sent a time passcode or push notification to their mobile phone through text or authenticator app. One tap verifies that the user has the registered device in their possession, and immediate access is granted.
MFA can protect a wide range of applications and sensitive data, from your VPN, to Remote Desktop Services, to Microsoft Office 365, Salesforce, and more. Quick to implement and easy to use, there really is no good reason to delay taking advantage of such cost-effective protection for your business.
Get More Information on Multi Factor Authentication
If you would like to learn more about the Ntiva managed service offer for MFA, download the data sheet below which will give you all the details on how we can help protect your organization!