One of the biggest challenges when it comes to cybersecurity for businesses in Rhode Island and the rest of the world is keeping accounts secure and protected from being breached. Many business applications and online accounts are protected only by the strength of the password needed to get in. And in many cases, this isn’t enough. There are two key factors making it difficult for companies to ensure proper cybersecurity when it comes to login credentials:
- The growing number of database breaches that expose millions of user passwords that are then sold; and
- Poor password habits by users
Credential theft has become a lucrative endeavor for many cybercriminals. Passwords that are hacked or stolen in large database breaches continue to be a hot commodity. For example, stolen Office 365 account passwords can fetch anywhere from $15 to $100 on the Dark Web. The number of annual insider threat incidents due to stolen credentials has nearly tripled within the past two years to 2.7 incidents per organization.
Poor Password Habits
When it comes to employees setting strong passwords, many businesses face an ongoing challenge. While most users know that they should be setting strong, long, and unique passwords for every login, they don’t. Most users have so many account passwords to remember that it becomes a nearly impossible task, and they fall into bad password habits, including creating weak passwords and reusing them across multiple accounts. According to the 2020 State of Password and Authentication Security Behaviors Report, here are some of the problems that companies face with securing passwords:
- 39% of users reuse passwords across their work accounts
- 51% of employees share their passwords with colleagues
- 56% of employees who use a personal device to access work data don’t use multi-factor authentication
One proven method of securing login credentials, despite bad password habits and the growing number of account password breaches, is to use multi-factor authentication (MFA).
How MFA Can Stop Almost All Attempted Account Breaches
Multi-factor authentication, which is also known as two-factor authentication (2FA), is extremely effective at preventing accounts from being breached, even if the hacker has a compromised password. MFA works by requiring another form of user authentication beyond just the password. Typical forms of login authentication include:
- Something you know: A password or answer to a challenge question
- Something you have: A device to which an authentication code is sent
- Something you are: A biometric, like a fingerprint or retinal scan
Most logins require the first form of authentication, something you know, which is your username and password. With MFA enabled on an account, a second authentication factor is added, which is typically in the something you have category. The most common is a 6-digit authentication code sent to a user’s device that needs to be entered to complete login. This one simple step added to all your business account logins can significantly decrease your risk of a password breach.
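The two-step login described above, sketched as an added example (not code from the original article or from any vendor): the password is checked first, then a 6-digit one-time code that is single-use, expires, and allows a limited number of guesses. The class name, the 5-minute lifetime, and the 5-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code (5 minutes)
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SecondFactorLogin:
    """Hypothetical login flow: password first, then a one-time code."""

    def __init__(self, salt: bytes, password_hash: bytes, clock=time.time):
        self.salt = salt
        self.password_hash = password_hash
        self.clock = clock
        self.pending = None  # [code, expires_at, attempts_left]

    def start(self, password: str):
        """Factor 1 (something you know). Issues a code only if it passes."""
        candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.password_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self.pending = [code, self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real service sends this to the user's device instead

    def finish(self, submitted: str) -> bool:
        """Factor 2 (something you have). True only for a fresh, correct code."""
        if self.pending is None:
            return False  # no password step completed, so nothing to verify
        code, expires_at, attempts_left = self.pending
        if self.clock() > expires_at or attempts_left <= 0:
            self.pending = None  # expired or guessed out: restart the login
            return False
        self.pending[2] -= 1
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self.pending = None  # single use: a replayed code is rejected
            return True
        return False
```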
How Effective is Multi-Factor Authentication?
Both Microsoft and Google participated in studies on the effectiveness of MFA/2FA for preventing account breaches. Both found that using this additional step of authentication is extremely effective at protecting accounts from hackers. Microsoft noted that their cloud services see over 300 million fraudulent sign-in attempts daily and that the use of MFA was found to block 99.9% of account hacks. 81% of data breaches involve credential theft. Google found that using MFA in the form of a text message sent to a user’s phone was able to stop 100% of automated bot attacks, 96% of bulk phishing attacks, and 76% of targeted attacks. When an on-device prompt was used for the method of code delivery, those numbers increased to stopping 100% of automated bots, 99% of bulk phishing attacks, and 90% of targeted attacks.
Implementing a Multi-Factor Authentication Strategy
There are a few different ways that you can implement a multi-factor authentication strategy for your business. First, you want to identify all the different account logins that your employees use and categorize them by type. For example:
- Cloud application
- Remote login
- Internal company application
You can enable MFA for your accounts by:
- Turning It On in Each App: For example, if you use a cloud solution like Microsoft 365 (formerly called Office 365), then you can turn it on for all users in the administration settings.
- Using a Cloud Security App: You can streamline the user MFA experience and make administration easier by using one platform, like Microsoft Cloud App Security, that can apply MFA for all your cloud platforms in a single place.
- Using MFA with a Password Manager: A password management application can both help users remember strong, unique passwords and ensure those passwords are protected by MFA.
Get Help Preventing Data Breaches at Your Business
Onsite Techs of Rhode Island can help your company develop an overall cybersecurity strategy that includes password protection, solid network security, and more. Contact us today to set up an IT security consultation at 401-415-6290 or reach out online.