Cybersecurity Tuesday Tip: Enable multi-factor authentication

Cybersecurity Tuesday Tip: Enable multi-factor authentication

By Travis Thompson, ATSSA Director of Information Technology

Travis Thompson

Has your email ever been hijacked by a bad actor? Perhaps you received a weird email from a business contact asking you to click a link and enter your username and password. Or maybe you have a Facebook friend whose account always seems to get hacked.

Chances are, you or someone you know has been the victim of an account compromise. And you have probably wondered: Isn’t there a way to better protect my account?

Good news – there is! According to Microsoft, 99.9% of compromised accounts don’t have multi-factor authentication enabled, which leaves them vulnerable to attacks by bad actors.

This month, which is Cybersecurity Awareness Month, we’re offering tips each Tuesday to help protect businesses from cyber threats. Today we look at enabling multi-factor authentication.

Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to an application or system, such as email. The first factor is commonly a password or PIN. The second factor may be approving a login attempt via an app, like Duo or Authenticator, on a smartphone; entering a code from an authenticator app or SMS message; or answering a phone call.

By combining these factors, multi-factor authentication provides a higher level of security than single-factor authentication, which relies solely on a password. This helps protect sensitive information and systems from unauthorized access.

This video from the Cybersecurity and Infrastructure Security Agency (CISA) offers some insights on the topic.

Enabling multi-factor authentication is simple and takes just a few minutes. Below are links to instructions on enabling multi-factor authentication on a few common email and social media platforms:

• Facebook
• Gmail Account
• Google Workplace (For Businesses)
• Instagram
• Microsoft (For Businesses)
• Microsoft Outlook
• Yahoo

But don’t stop there! Enable multi-factor authentication on bank, insurance, medical, mortgage and payment apps to protect against bad actors.

For Business Leaders

For business leaders, it is critical to protect personal and business accounts with multi-factor authentication. Additionally, take the steps below to protect your business operations from bad actors.

1. Implement single sign on, which allows users to access multiple accounts with one set of credentials, with as many business applications as possible. When these credentials are protected with multi-factor authentication, the associated business applications will be as well. Plus, it is a lot easier to protect one set of credentials than a dozen!
2. Verify that multi-factor authentication is required for all users of the following types of software:
   1. Cloud Storage: Such as OneDrive, Google Drive, Dropbox etc.
   2. Collaboration and Communication Tools: Such as Microsoft Teams, Slack, Zoom etc.
   3. Customer Relationship Management (CRM): Such as Salesforce, Dynamics 365, HubSpot etc.
   4. Email Services: Such as Microsoft Outlook, Gmail etc.
   5. Financial and Accounting Software: Such as QuickBooks, Xero, SAP etc.
   6. Human Resources Systems: Such as Workday, ADP, BambooHR etc.
   7. Project Management Tools: Such as Autodesk, Buildertrend, Procore, Wrike etc.

Multi-factor authentication is an essential part of your multi-layered approach to defending your personal and business accounts from bad actors. But there is one more critical layer of security. Tune in next Tuesday to learn about keeping software up to date.