The cybersecurity hits just keep on coming in 2020, with recent reports revealing ransomware attacks on mobile banking applications, international software companies, municipal governments, and private universities alike.
According to technology news company CRN, victims of the 11 biggest ransomware attacks of the year have spent nearly $150 million mitigating the effects of these breaches. Those effects range from having stolen data sold on the dark web to having company secrets aired in public—all of them devastating on different levels depending on the company.
The common thread, however, is that many of these attacks spiked after the COVID-19 pandemic began in March. Cyber thieves targeted an Israeli company after its 2,500 employees shifted to working from home but before multi-factor authentication (MFA) was implemented to secure remote access for those workers. MFA is a login process that combines something a user knows—his or her password—with something a user has—typically a unique, time-based one-time password (TOTP) or push alert delivered by a dedicated app, a text, or an email.
Meanwhile, the FBI warned that hackers were increasingly targeting mobile banking apps with malware, Trojan viruses, and spoofed apps designed to steal credentials and take over the compromised device. Such attacks succeeded because millions of consumers across North America were avoiding bank branch visits and instead relying more on smartphones to conduct regular banking business.
How can MFA help to mitigate such problems?
By eliminating the threat that weak or stolen passwords pose to overall cybersecurity for individuals and for companies. Once cybercriminals have stolen a weak or reused password, they can threaten entire systems and networks by installing malicious code, redirecting users to illegitimate sites, or seizing personal information and demanding ransom for its return.
All of this can be prevented by giving multi-factor authentication the attention it deserves. Individual users should activate MFA on every account possible, particularly for email, social media, and financial accounts. Businesses should consider the enhanced security features offered by more robust authenticators, instead of just opting for the first free tool they encounter.
Depending on the size of a business and the industry in which it operates, security differences can exist between a multi-factor authentication tool that uses TOTPs or push-enabled alerts and one that relies solely on text or email messages. Many larger organizations, particularly in the data-sensitive industries of health care, financial services, and higher education, have made push-enabled MFA mandatory for all users and all logins. That adds an extra layer of important protection around data, applications, devices, and networks—all of which is critical in today’s rapidly changing online landscape, with millions of remote workers learning new platforms and accessing sensitive information from thousands of new access points.
So what can your business do to stay safe?
1) Identify a trusted IT partner who takes MFA seriously.
Proceed with caution before you deploy a new tool that changes your company’s login process. IT providers can help you compare and contrast different authenticators, which are not one size fits all. A reliable business partner can identify the specific needs of your business, address any existing cybersecurity gaps, and decide which authentication method has the necessary security enhancements that work for your data, your employees, and your industry.
2) Make sure your IT provider walks the walk.
Once you’re ready to work with an IT partner, ask them about their own internal culture of cybersecurity. Have they rolled out MFA for all of their employees? Have they outlined every step of the MFA process with their own third-party vendors? Have they implemented contingency plans in case security incidents impact internal operations and external clients? At CMIT Solutions, we hold comprehensive cybersecurity up as one of the core values supporting our ultimate mission statement: protecting our clients and their data in the same way we protect our own.
3) Use a password manager to further streamline the login process.
Once you’ve decided on the right multi-factor authentication tool for your business, add on another layer of security by using a password management tool that can update weak or reused passwords with strong, singular strings of characters unique to each platform. Those individual passwords are then encrypted, requiring each user to remember only one master password for access. Password managers have their own pros and cons, so working with a trusted IT provider to deploy one is important.
With ransomware attacks on the rise and data breaches affecting companies of all sizes, multi-factor authentication (MFA) represents a critical step toward more comprehensive cybersecurity. And this important tool should fit in seamlessly with the day-to-day operations of your business and the workday rhythms of your employees, making the login process easier AND more secure, not more difficult and therefore subject to more digital threats.
Want to know more about MFA and how it can keep your business safe? Unsure whether your employees are actually using strong passwords? Looking to add another layer to the IT defenses protecting your data? Contact CMIT Solutions today. We take cybersecurity seriously, defending your data and empowering your employees to work smarter and safer.