Why You Need to Be Using Multi-Factor Authentication Companywide
Weak or stolen passwords are responsible for approximately 63% of all data breaches. This is why the purpose of many phishing campaigns is to steal user login credentials.
Office 365 users have seen an increase in scams specifically designed to steal their login credentials, such as fake SharePoint file sharing invitations that lead to a spoofed login page.
Passwords hold the key to gaining legitimate entry into a system, and once signed in as a legitimate user, a hacker can gain access to much more than they could without that credential. Some of the benefits of a hacked password that make it so appealing to cyber-criminals are:
- They can access cloud storage systems.
- They can send phishing emails to coworkers and contacts, posing as the account that was hacked.
- They can gain certain system privileges if the account they have the password for is an administrator.
- They may be able to access company directories, giving them personal details to use in targeted phishing attacks.
The Problem with Bad Password Habits
While most businesses and their employees understand the danger of passwords being stolen or hacked, bad password habits still run rampant in offices because passwords are just too hard to manage and remember.
Some statistics from the 2020 State of Password and Authentication Security Behaviors Report show just what companies are up against when it comes to trying to secure employee passwords.
- 42% of organisations rely on sticky notes to manage passwords
- 39% of people reuse the same passwords between work and personal accounts
- 51% of employees admit to sharing passwords with colleagues
- 64% of people don’t use multi-factor authentication to secure personal accounts
How can Sydney businesses combat the problem with poor password management practices and keep their networks secure?
Deploying multi-factor authentication (MFA) for all their company logins is the answer. We’ll explore how effective MFA is and why you should be using it companywide.
How Multi-Factor Authentication Stops Password Breaches
You could have the best security in the world when it comes to password management and still have a breach of your password. This is because retailers, cloud providers, and others with whom we have online accounts are increasingly having their databases of user information breached.
Because passwords are reused, a breach of just one account at an online service provider could give a hacker the login for multiple other accounts that use the same credentials, and hackers know this.
The best and most secure way to protect your company from a password-related data breach is to use multi-factor authentication.
How MFA Works
When you enable multi-factor authentication on your company logins, a username and password alone won’t allow access to the application or data.
MFA adds another factor of authentication, which in most cases is a one-time, unique PIN that’s sent to the user, either through an SMS to their smartphone or a device prompt. This PIN has to be entered within a certain period of time, usually 5-10 minutes, to complete the login.
From the user perspective, this takes just a few additional seconds: click a button to generate the PIN, then enter that code to complete the login.
From the hacker perspective, it stops them in their tracks, because it is highly unlikely that they will have access to the device that receives the PIN.
From the company perspective, MFA solves the problem of weak or stolen passwords and keeps hackers from breaching their system.
According to Microsoft, MFA stops 99.9% of account breaches.
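The PIN step described above, as an added example that is not part of the original article: after the password check, the server issues a random six-digit code and accepts it only once, only within the time window, and only for a limited number of guesses. The class name, the 5-minute window and the attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 5 * 60   # assumption: lower end of the 5-10 minute window
MAX_ATTEMPTS = 5           # assumption: cap on guesses against a 6-digit PIN


class OneTimePinStore:
    """In-memory store of pending second-factor PINs (hypothetical name)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock so expiry can be exercised
        self._pending = {}    # username -> [pin, expires_at, attempts_left]

    def issue(self, username):
        """Create a fresh PIN once the password is verified; the caller
        delivers it out of band (SMS or device prompt)."""
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        expires_at = self._clock() + PIN_TTL_SECONDS
        self._pending[username] = [pin, expires_at, MAX_ATTEMPTS]
        return pin

    def verify(self, username, submitted):
        """Return True only for the correct PIN, in time, on its first use."""
        entry = self._pending.get(username)
        if entry is None:
            return False                      # nothing issued, or already used
        pin, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]       # expired or guessed out: re-issue
            return False
        entry[2] -= 1                         # every try costs an attempt
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(pin.encode(), submitted.encode()):
            del self._pending[username]       # one-time: burn on success
            return True
        return False
```

A stolen password alone never reaches `verify` with the right value, and a PIN that is intercepted late or replayed is rejected by the expiry and single-use checks.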
How Effective Is MFA?
In short, extremely effective. Here are some statistics from Microsoft and Google on the security benefits of using multi-factor authentication.
There are approximately 300 million fraudulent sign-in attempts on Microsoft cloud services every day. Microsoft studies on account security showed that enabling MFA stopped 99.9% of account breaches due to hacked passwords.
A Google study looked at how different types of MFA impacted different types of password-related breach attempts.
They looked at when the PIN was sent:
- Via an on-device prompt
- Via SMS code
- Via a security key
Their findings showed the following:
- Percentage of automated bot attacks stopped
  - Device prompt: 100%
  - SMS code: 100%
  - Security key: 100%
- Percentage of bulk phishing attacks stopped
  - Device prompt: 99%
  - SMS code: 96%
  - Security key: 100%
- Percentage of targeted attacks stopped
  - Device prompt: 90%
  - SMS code: 76%
  - Security key: 100%
Implementing Multi-Factor Authentication
Businesses have two main ways they can approach the implementation of multi-factor authentication, which is also referred to in some software as two-factor authentication.
Approach 1: Turn on MFA at the application level. For example, administrators can flip a switch in the Office 365 admin panel that will turn on MFA for all the users on their account.
Approach 2: Use a cloud-based user authentication platform, through a service like Azure, that gives you robust control over MFA across all the platforms your organization uses and includes the ability to add location-based factors, such as additional challenge questions based on where a device is located.
Need Help Implementing MFA at Your Business?
No matter what services or sites you use, GKM2 can help your Sydney area business implement multi-factor authentication to protect your data and help prevent a costly data breach.
Contact us today for a free consultation. Call +61 2 9161 7171 or reach out online.