Making Multi-Factor Authentication Work for You
by Paddy Srinivasan, Chief Product & Technology Officer, LogMeIn
Given the rise of the Delta variant in the U.S., more employees are working from home than ever before. However, as convenient as remote work may be for employees, it’s not as convenient for IT teams. Data breaches and cyber attacks have increased by 238% during the pandemic, and remote workers are only feeding the problem. This is especially an issue for the public sector, as Verizon’s Data Breach Investigations Report found that government agencies accounted for the highest number of breaches of all sectors studied (17 percent) in 2020. State and local employees have found that many back-end operations cannot be managed remotely, opening up the possibility for vulnerable access points. IT teams are struggling to come up with account management solutions for remote employees that are secure and easily implemented company-wide.
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its list of cyber bad practices to include single-factor authentication (SFA) among the “exceptionally risky” cybersecurity operations. This list includes practices that open up the potential to expose critical infrastructure, as well as the government, to threat actors looking to expose sensitive information. With many organizations still operating remotely, logging on to an account using SFA can provide an easy entry point for a cybercriminal. How can IT teams protect employees working in the public sector from threat actors without disrupting day-to-day operations? They should implement multi-factor authentication (MFA).
Heightening Security Using MFA
Across the public sector, IT teams of all sizes are quickly realizing that there are wide gaps in their cyber hygiene and security strategies. With 80% of data breaches occurring as a result of weak or reused passwords, IT teams need to require an additional layer of security to ensure their sensitive information remains secure without the risk of slowing down operations. MFA is the most effective method to protect against these cyber attacks.
In fact, recent research found that 62% of IT decision-makers believe MFA is the most effective way to secure an organization. While SFA only requires one method of authentication to log into accounts, such as a password, MFA requires two or more methods before granting access. These methods may include something an employee knows (a password) and something they have (a phone or fingerprint). The convergence of two or more modes of authentication can more accurately verify that a person is who they claim to be and has the ability to access sensitive information. Since passwords have proven again and again to be unreliable and vulnerable to attacks, implementing MFA on all devices adds the strength needed to secure sensitive information.
The main challenge IT teams face when implementing MFA is finding the right balance between accessibility and security. Employees should not feel as though they are wading through clunky software and experiencing unnecessary friction during their workday. This is why biometrics is a good fit for MFA: it uses assets an employee already has on hand – their smartphone and their fingerprint – to ensure a convenient and secure login. Biometrics offers employees a seamless authentication process and a higher level of security. With a quick scan of a fingerprint or face, employees can securely gain access to work resources and sensitive information while allowing IT teams to gain increased control and visibility.
The era of working from home has catapulted IT teams into more challenging roles given the increased risk that remote employees bring, particularly for government agencies, where data security is of the utmost priority. With exposed remote access points and rapidly growing online government services leaving IT teams in the dark, the public sector faces a strong risk of security breaches. In order to effectively balance account and password security with user experience, IT teams looking to pivot their security strategies to the defensive should ensure all access is granted through MFA.