In this blog, I will discuss remote working and why multi-factor authentication is crucial for security. Due to current CDC regulations surrounding COVID-19, area employers are requiring employees to work remotely. Therefore, we’ve potentially opened ourselves to new vulnerabilities and threat actors just waiting to take advantage. One option to help mitigate some of this risk is through deploying multi-factor authentication. 

What is multi-factor authentication?

Multi-factor authentication (MFA), also referred to as two-factor authentication, is a security enhancement that requires a user to provide additional pieces of evidence before logging into an account. Ultimately, MFA helps prevent unauthorized access to the protected account if your credentials become compromised.

Why is multi-factor authentication critical to protecting us?

Aside from the most recent events forcing many to work from home, we’ve been living in a world where passwords alone are no longer sufficient to protect our valued information.

A password by itself is a single form of authentication. If someone else has your username and password, they potentially have access to all resources that specific account has access to.

Let’s take emails for example. We see email as the primary means of communication to external parties. Often, sensitive data is also exchanged. Over the last 12 months, we’ve seen a large increase in email account password compromises. And unfortunately, without proper security, the number will continue to climb.

According to Microsoft’s blog, enabling MFA can reduce account compromise up to 99.9 percent. Thus, bringing the chance of stolen credentials down to almost zero.

Consider this:

• 81% of breaches are caused by credential theft.
• 73% of passwords are duplicates.
• 50% of employees use unapproved apps.

By leveraging MFA technology, you add additional account security that protects every employee from compromised credentials. (This protects not only your users, but organizational data as well.)

Implementing multi-factor authentication

First, implementing MFA can be done in a variety of fashions, depending on the technology you’re using. For example, we’ve seen successes with Office 365 and Microsoft 365, G-Suite, and Microsoft Azure. Consider other applications both internally and cloud hosted that you could protect as well – don’t think MFA should be limited to these. 

Next, there is a variety of brands providing MFA solutions. With that, it is vital to understand which are the most conducive to your technology stack, and more importantly, to your end users. So, ask yourself: will this solution be complicated for my employees to use? Most users understand the need for additional levels of security, however choosing a method that impacts them the least (while providing acceptable levels of security) is important for adoption.

Finally, before moving forward with an implementation, make sure you have a plan and you’ve communicated to those impacted. This will be a change for most users and the more you communicate the changes and why multi-factor authentication is crucial for security, the smoother the transition will be for them.