Cybercrime is a burgeoning business. The World Economic Forum reports that by 2025 the global cost of cybercrime could reach $10.5 trillion annually. Individuals, businesses, and governments must work diligently to protect sensitive data. For businesses, one of the most common entry points for intruders is through compromised or hacked passwords used to access company data. While advanced technology solutions are constantly evolving, one of the most effective and straightforward methods of protecting business data today is multi-factor authentication.
Below is a general overview of how multi-factor authentication works, the types of systems it can protect, and a few best practices for creating a robust cybersecurity risk mitigation plan.
How Multi-factor Authentication Works
Complex passwords do help thwart cyber criminals, but all passwords are vulnerable to compromise. Multi-factor authentication (MFA) introduces an additional layer of protection to any online sign-in process by requiring users to prove their identity in at least two distinct ways. Because multiple credentials are required, even if one password is hacked, the likelihood that the other credentials are also compromised is greatly reduced.
Typical methods of establishing identity include:
- A password selected by the user,
- A code sent to a user’s registered phone number or email address, or
- A biometric such as a fingerprint or retina scan.
Many of the most secure MFA systems require time-based one-time passcodes (TOTP), which are generated by an algorithm that uses the current time as one of its inputs. This means that even if a user’s password has been compromised, an attacker cannot gain access to the system without the TOTP, which quickly expires. TOTPs are generated through downloaded authenticator apps that are readily available from third-party vendors such as Google or Microsoft.
Systems Protected by MFA
A wide range of today’s businesses have employees who work at least part of the time from remote locations. Even employees working onsite frequently must log into shared networks and email accounts. For most businesses, providing secure access to data systems, whether stored in the cloud or on-premises, is crucial to continuous business operation. Without the proper MFA in place, a business has an increased risk of experiencing cybercrime, including ransomware attacks, which can have serious financial and organizational consequences. MFA can provide essential protection against intruders seeking to corrupt the data you rely on most. Below are examples of the types of systems for which MFA provides an extra layer of protection.
Shared Networks
Modern businesses operate using information stored on shared networks, and many employees need regular and reliable access to it in order to do their work. MFA can protect your entire organization from attackers who may gain entry through a single lost or compromised password.
Email
Email is one of the most common ways for attackers to perpetrate cybercrimes. By entering through email, attackers can threaten your business and also expose your clients and customers to risk, potentially resulting in damage to your operation, finances, and reputation. MFA can greatly reduce this risk.
Confidential Data
Sensitive data (financial records, social security numbers, healthcare, and other privileged employee information) is often kept in a protected area on a business’s server. If intruders hack the gate and introduce malware, the damage could be catastrophic. A relatively simple MFA system adds significant protection against such attacks.
Best Practices
Like all modern technology, MFA solutions are constantly evolving. Businesses must work closely with their technology partners to provide a holistic solution that protects their entire digital footprint. In addition to MFA, organizations should consider:
- Requiring employees to use complex login credentials that frequently change,
- Installing a firewall,
- Making sure devices are updated with the latest security software and patches,
- Prohibiting the sharing of files through email, and
- Creating and communicating a digital security protocol that is regularly updated.
Answering Your Questions About Cyber Risk Insurance
As cybercrimes have risen, so has the number of cyber-driven claims. Most carriers offering cyber risk insurance are increasing their scrutiny of how businesses are protecting themselves from cyber threats, and many are now asking their clients to adopt multi-factor authentication for remote access to their systems. Even with the best security protocols in place, however, cyber attacks can happen. If you have questions about how to protect your business from damages related to cybercrime, talk to your Eastern Insurance Group representative about cyber risk insurance today.