The past two years have seen record-breaking levels of cyber crime and related losses. As technology becomes ever more integrated in society and criminals become more sophisticated, this trend can only be expected to continue. The common denominator in many successful attacks often boils down to one thing: human error. Whether it’s clicking the wrong link, failing to install updates, sharing a password, or even leaving an electronic device where it can be easily stolen, when it comes to cyber crime, we are often our own worst enemy. In fact, an estimated 95 percent of cybersecurity breaches are due to human error, and these errors are costly. According to IBM, the average total cost of a cybersecurity breach in 2023 was $4.45 million, a 15 percent increase over three years. Fortunately, one of the most effective cybersecurity methods is also the easiest. Don’t give up the keys to your kingdom – protect your data by implementing multifactor authentication whenever possible.

What is multifactor authentication?

This cybersecurity principle goes by several other names, including strong authentication and two-factor authentication (2FA). Multifactor authentication, often abbreviated to “MFA,” is the practice of using more than one method of authentication (i.e., credentials) to verify a user’s identity before that user can access sensitive information.

The three most common types of credentials are:

These credentials can be thought of as multiple types of “keys” that all go to the same door. While the idea of wading through multiple locks may sound frustrating for end-users, in the virtual landscape it can be an extremely effective security tool. In the case of cybersecurity, adding just one extra lock to the proverbial door to your organization’s data can make a world of difference when other, more traditional credentials become compromised.

Protect your data by implementing multifactor authentication

The most common example of MFA today is the combination of a username and password (things that you know), which is then followed by a one-time randomly generated verification code (something you have) sent to a secondary, trusted device by either text, call or email. This system has a variety of benefits:

When to protect your data by implementing multifactor authentication

The short answer is: always. If MFA is available, it should be enabled immediately, and if it’s not readily available, it should be implemented as soon as possible through alternate means. Remember, the more locks that are on the door, the harder it is for a thief to gain entry.

In more specific terms, the following types of accounts should always be required to be safeguarded through the use of MFA in your organization’s cybersecurity policies and procedures:

It is strongly recommended that your organization require these and similar types of accounts to be protected with MFA at a minimum. Employees and volunteers should also be encouraged to become familiar with the concept of MFA and make use of it in all the systems they use while carrying out their duties.

Our own worst enemy

Remember, human error is often the greatest common denominator when it comes to successful cybercrime. It’s not a question of “if” someone in your organization slips up – it’s “when.” That being the case, making sure there are additional locks on your sensitive data – and extra “keys to your kingdom” – can make a big difference between a successful cyberattack and a thwarted breach when traditional credentials are compromised. As cybercrime and losses continue to escalate, protect your data by implementing multifactor authentication whenever possible.

Resources:
CISA: Multi-Factor Authentication

For more information regarding cybersecurity, see the following publications from the Cybersecurity & Infrastructure Security Agency (CISA):

CISA: Cybersecurity 101

CISA: Phishing & Spoofing

CISA: Creating a Password
