Cyber Insurers Mandate Multifactor Authentication


August 2, 2021

We’ve seen a lot of cyberattacks over the past few years. Way too many to count or try to name. The unfortunate thing about cyberattacks and their nefarious after-effects is that most of them are avoidable and caused by lax cybersecurity postures like bad password hygiene, etc.

We’ve also seen a sharp increase in cyberattack insurance claims. Industry, it would seem, is more interested in holding an insurance policy than in any type of lifting, heavy or otherwise, to improve the lax cybersecurity posture mentioned above.

However, like most insurers in other verticals, cyber liability insurers don’t like paying out when something happens. They will (hopefully), but they’re getting pretty tired of paying for situations that could have been easily avoided if better practices had been put in place.

For example, many cyber liability insurers now require Multifactor Authentication (MFA) before they even consider insuring a company, since 4 out of 5 cyberattacks occur due to password fumbles (according to Verizon’s 2021 Data Breach report). Since MFA is something easily implemented via built-in security features or handy third-party products (like OneLogin and CyberArk), we thought a primer on the topic might be useful for you, dear reader.


What is Multifactor Authentication?

Multifactor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Multifactor authentication is a major part of securing important information systems from potential threats. It provides a secondary layer of credentials that need to be provided in order to access sensitive data.

While some users prefer easy SMS message two-factor authentication, there are actually many different types of multifactor authentication:

Biometric scanning: Fingerprints, iris and retina scans, facial recognition software, voice recognition software, hand shape, and other physical variables.

Location factors: GPS tracking, used in many smartphones, can be used to ensure that logins are occurring from legitimate devices rather than from illogical IP addresses.

Possession factors: If a user has specific devices on their person, like a key card or a smartphone, they have access to several forms of multifactor authentication procedures.

Remember, by using multifactor authentication, you’re making it twice as difficult for hackers to access your data, which mitigates much of the risk. By taking advantage of multifactor authentication tactics, you can limit your data’s exposure to threats and maximize security.


Multifactor Authentication Technologies

Depending on what type of authentication protocol you use, you’ll have either a hardware-based device or a software-based security token. An example of a hardware-based security measure is a USB dongle that acts as a key to the device, while software-based tokens generate a security code that is sent to a smartphone.
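To make the software-token idea concrete, here is an added example (not code from the original article) of a login check that requires both a knowledge factor and a possession factor. It assumes the software token is an authenticator app implementing TOTP (RFC 6238), which the article does not specify; the secret, password, salt and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (the secret is the published RFC 4226/6238 test key).
SHARED_SECRET = b"12345678901234567890"
PASSWORD_SALT = b"constructed-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)
STEP = 30  # seconds per code window


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Compute the RFC 6238 code for the time window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_knowledge(password: str) -> bool:
    """Knowledge factor: compare a salted, stretched hash in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
    return hmac.compare_digest(candidate, PASSWORD_HASH)


def verify_possession(code: str, unix_time: int, drift_windows: int = 1) -> bool:
    """Possession factor: accept the current window plus/minus drift for clock skew."""
    for delta in range(-drift_windows, drift_windows + 1):
        expected = totp(SHARED_SECRET, unix_time + delta * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


def login(password: str, code: str, unix_time: int) -> bool:
    # Check both factors before deciding, so a failure does not reveal which one was wrong.
    knows = verify_knowledge(password)
    has = verify_possession(code, unix_time)
    return knows and has
```

A production verifier would also record the last accepted window per user so that a code cannot be replayed within its validity period.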

There are many other types of multifactor authentication, like those that take advantage of biometrics, but due to the incredible popularity of smartphones in the business world, the most common methods of multifactor authentication are by far SMS messages that are sent to a user’s smartphone.

Other security practices that are seen quite often are employee ID cards and GPS technology that verifies the location of the person accessing the account or building. Some people are even hardcore enough to embed smart chips in their hands, but that’s a topic to discuss another day. Basically, executives and IT professionals are doing whatever it takes to ensure that their physical and digital infrastructures remain secure from any and all trespassers.

Your business needs to take advantage of the most powerful security solutions on the market if you want to ensure that your business’s assets are protected from all kinds of threats.

Carl Keyser is the Content Manager at Integris.
