4 June 2020

Why Every Remote Worker Needs Multi-Factor Authentication

Why Every Remote Worker Needs Multi-Factor Authentication

With workers going remote, businesses need to increase cybersecurity measures. And multi-factor authentication is one of the simplest, most accessible and most effective ways to add protection.

Life as we know it has changed drastically in the past few months. Many businesses have proven adaptable and resourceful as they have quickly shifted to remote operations for the indefinite future. Though this is good news for the physical safety of employees as we work to slow COVID-19, the cyber safety of remote workforces is another story.

Cyber crime is surging due to this shift and the focus on COVID-19. Reports show that Australian businesses have been targeted with 40% more phishing emails and 15 times as many false invoices and fraud messages than usual during the pandemic.

With such frequent cyber attacks, plus the added upheaval of transitioning to remote work leaving some companies exposed with new technologies and weaknesses, it should be common sense for every company to use multi-factor authentication whenever possible.

What Is Multi-Factor Authentication?

Multi-factor authentication (MFA) is a security enhancement that requires users to provide two or more forms of credentials to log into an account.

You’ve likely come across MFA already, even if you didn’t know what it was. When your email or bank account prompts you to add a phone number or other device to your account, it’s usually to use that device as a second authenticator in case of suspicious login attempts.

What makes multi-factor authentication unique is that your identifiers have to come from two different categories out of three:

  • Something you know (like a password or PIN)
  • Something you have (like a phone, key fob or other physical device)
  • Something you are (biometric indicators like fingerprint or face scan)

MFA adds a second protective layer of security because even if a cyber thief steals your password, they would also need to have your phone, fingerprint or other identifier to access your account. This enormously decreases the odds of an attacker getting through.

In fact, Microsoft found that using MFA can block over 99.9% of account attacks. With numbers like that, using multi-factor authentication is a no-brainer.

We encourage all of our clients to use MFA for all of their systems and accounts, even those not handled by their MSP, such as company email or Google accounts.

For such effective results using such a simple technology, there’s really no excuse not to use it.

Why You Need MFA

The biggest reason companies fail to implement multi-factor authentication is simply because they believe it to be inconvenient. But our motto is security over convenience.

Think of using MFA like wearing a seatbelt. It may take some getting used to at first, but using it quickly becomes second nature, and it’s the simplest, most common-sense way to stay safe.

Many common cyber attacks rely on accessing login information. Hackers can use password sniffers, dictionary attacks and cracking programs to decrypt or obtain your password. Individuals also might inadvertently give up their passwords when they respond to a phishing email.

Once an attacker has your password, if they’re not stopped by additional safeguards, they can often wreak havoc by installing ransomware or other malware, stealing your data and more.

If your business fails to implement MFA, you risk higher chances of a data breach. According to the Ponemon Institute’s 2019 Cost of a Data Breach Report, the average cost of a data breach is nearly $6 million AUD.

Although smaller businesses will, of course, not suffer losses quite so heavy, they do suffer proportionate financial damages; one insurance agency has measured financial losses due to a data breach to be just over $300,000 AUD for businesses of all sizes. And the resulting downtime and reputational losses can be devastating; around 60% of small and medium businesses that are hacked fail within six months.

It is also important to recognise that MFA is becoming a must-have in order to avoid expensive remediation costs that could otherwise have been prevented. A failure to utilise this fundamental step means that breaches suffered due to inaction were ultimately preventable and so will likely not be covered in security remediation plans. And, importantly, closing the hole in your security afterwards doesn’t negate the initial loss—for example, damages suffered if important information has been stolen or if your IT is offline for an extended period.

The Rise of Remote Work

We have long advocated for businesses to use MFA, but as the number of remote workers increases (and is likely to persist even after the pandemic), it is more necessary than ever.

Remote workers are susceptible to cyber threats because employees may no longer be working directly within the organisation’s network. The company may also not have full control over employees’ devices, as some employees may be using their personal devices to do work.

Companies are increasingly using VPNs to connect internally and remotely access their organisation’s intranet. Generally, VPNs are secure because they include end-to-end encryption; however, that encryption does no good if a hacker already has your login information.

Because of this, every remote worker should be using multi-factor authentication to access VPNs and any other accounts that offer access to internal resources.

Don’t Leave Your Business Unprotected

Setting up multi-factor authentication is a simple, effective cybersecurity step that every business should be utilising to protect their systems, both for remote and in-office workers.

If a cyber criminal really wants to discover your password, they most likely can, especially now that remote systems have opened up more opportunities for infiltration. But MFA stops them with another round of protection, with little effort required.

If your accounts aren’t secured with multi-factor authentication, talk with your Managed Service Provider today to get set up.