The Vital Role of Multi-Factor Authentication for Small Business

As you probably already know, cybersecurity threats are increasing every day. Small businesses are not immune to this. Just because you are not a 100-million-dollar enterprise does not mean you are not a target for opportunistic criminals.

One of the easiest ways for cyber criminals to do their damage is to trick you or one of your employees into giving up their login credentials. This is much easier than you think — all they have to do is make someone think they are on a real site and prompt for credentials. Once the user enters those credentials, they are compromised.

Multifactor protection is a powerful tool for preventing access to your systems even after an employee’s credentials are compromised. Because credentials are so easily compromised, if you don’t have multifactor protection, setting it up should be your top priority.

If you have a Managed Service Provider (MSP), they can help you with the setup. If you don’t have an MSP or they never brought this up to you, we can help.

Understanding Multi-Factor Authentication (MFA)


Multi-Factor Authentication is something you are probably already familiar with. You almost certainly use it for your online banking. It adds a second way of validating your login after you have entered your username and password. This can be a text message to your cell phone, a code sent to your email, or a code from an authentication app like Google Authenticator or Microsoft Authenticator.

There are many variations on how to do multi-factor authentication and many nuanced ways it can work. But the important thing is to get one of them in place.

How Difficult Is Implementing MFA?

Implementing MFA isn’t a technically difficult project. But it can take some time and effort, since it will affect everyone in your organization. It will add another step to logging in to your email or other services. It will also complicate support issues, and your staff will have to be more involved than they were before.

However, you have to insist that your employees cooperate with the installation and set-up. Your MSP will do the technical work, but you and your staff will be involved too. You will have to communicate the importance of this project to everyone and tell them, “No whining! Just do it.”

It won’t be easy, but it won’t be that difficult either. Just get it done and you will feel better about your security situation. Well, you will feel better until you start thinking about the next layer of security you need. But don’t worry about that now. If this isn’t done, get this done first.

The Consequence of a Breach


Think about what it would be like to have someone inside your email without you knowing about it. It’s a pretty serious breach. They can now get into your banking and other private systems. They can transfer money, divert funds from customers, and log in to other accounts that have the same passwords. They could even take your company secrets or insert themselves into your communication. It’s a mess!

MFA Is Good But It Is Not Perfect

When MFA was first being implemented, I started to think, “Okay great, now we finally have a way to keep people safe in their email.” Well, pretty safe. But as the saying goes, “Nothing is foolproof because fools are so ingenious!”

I have seen people defeat their own MFA by approving a login on an app even when they are not trying to log in to anything. That will allow an attacker to get in. I have also seen people enter credentials and the MFA code into a fake site, too. So, as always, training is also very important.

Swiss Cheese Security

Security is all about layers. Multi-factor authentication is just one layer in a series of layers you will need to implement. Training is another layer, and there are many more. This layered approach to security is sometimes called the Swiss Cheese approach. Each layer has holes, so the idea is to put enough security layers in place so that the holes don’t all line up in the same place.

The last layer is cyber insurance, so even if all the holes ever do line up, you will have plenty of resources to throw at the problem.

If you don’t have enough layers or you wonder if you have done the best you can, ask your IT provider. If you don’t have a good IT provider that you can trust, give us a call or fill out the form below. We’ll be happy to talk with you about this important topic.

