By Jed Fearon
Yes, yes, yes times infinity. Okay, I think I made my opinion obvious.
While there is no such thing as a silver bullet for 100% cybersecurity protection (even Multi-Factor Authentication AKA MFA isn’t perfect), I can’t think of one reason not to implement it right away.
MFA puts an extra step into the user login experience. Once a user ID and password are entered, the user is prompted to request and enter a special code delivered via text or voice to complete the transaction.
It’s effective because a threat actor would have significant difficulty intervening in this process.
If you already have Microsoft 365 (M365) Business Standard, MFA is included and only runs about $1,200.00 to $1,400.00 for the project to set it up.
One of our clients (before they engaged with us), got hit with a man-in-the-middle attack and transferred $170,000.00 to a felon’s bank account.
For additional inspiration, I will be sharing several examples of what can go wrong and how MFA can be paired with related solutions to keep your IT systems and users protected.
The following four scenarios only scratch the surface. However, if I can stimulate one new idea (and better practice), you’re one step closer to improving the security of your digital assets.
1 – Open-Source Intelligence Exposure
Cyber crooks don’t need to breach heavily fortified IT systems to gather personal data. Instead, they take bits and pieces we openly share on social media sites like Nextdoor, LinkedIn, Facebook, Evites, and personal blogs.
Phone numbers, email addresses, and dates of birth can be easily collected and harnessed to launch multi-faceted phishing campaigns.
Professional criminals know how to figure out your passwords simply by studying your interests (exotic cats, patriotism, and gardening) to launch brute force attacks on thousands of accounts simultaneously.
2 – Shadow IT Risk
Even the best trained MSP clients can be caught off-guard. The opportunities are endless when so many of us access unsecured Wifi networks and use personal Yahoo Mail and Gmail accounts for business.
HP has a fantastic commercial with Christian Slater that shows how easy it is for a device to get infected. Spoiler alert: don’t share corporate laptops, workstations, or tablets with your gaming fanatic kids.
Learn More: HP Wolf Security
When one network gets infiltrated, millions of other networks are suddenly within reach.
3 – Backup Fails
Having a comprehensive backup plan is one of the strongest weapons you can employ to avoid downtime, reputational harm, severe data loss, bankruptcy, the prospect of being manipulated into paying a gigantic ransom, and more.
According to Antony Adshead, Storage Editor of Computer Weekly, “The number of respondents that reported inadequate backup or failure to meet service level agreements (SLAs) rose to 40% in 2021 from a pre-pandemic 31% in 2019. Digging down into that, backup failure rates are quite staggering, with 37% of all jobs failing and 34% of restores failing.”
Learn More: Backup Failures Hit A High
4 – Email Infiltration
As the cybersecurity awareness training experts at KnowBe4 report, “Your email filters have an average failure rate of 7% to 10%.”
This figure is not an exaggeration. I’m employed by an Inc. 5000 ranked MSP with a powerful combination of Cisco Security, M365, Duo, Proofpoint, and Sentinel One and I routinely receive “socially engineered” emails I wouldn’t dare click on or respond to.
Learn More: What Is Social Engineering?
I mention four things that can go wrong to emphasize how MFA can play a role in making more things go right.
It isn’t statistically probable that everything you have in place will fail or be strained at the same time but it’s important to employ a portfolio of measures so the odds are in your favor.
Is it worth spending a one-time fee of less than $1,500.00 to avoid losing 100 times that amount?
The MFA available within M365 is only one of many solutions. Curious about what else is out there? We help our clients find the right one for their unique requirements.
We do IT differently.
Find out what sets us apart from all the other IT companies out there.