July 30th, 2020
As the world struggles with a healthcare crisis, organizations are trying to survive an economic one. Stay-at-home orders and social distancing have made it impossible for businesses to operate using traditional in-person work environments. Instead, companies have been forced to let employees work from home. That trend is unlikely to change even after the pandemic is controlled.
Glassdoor reported remote job openings were up 28.3% from this time last year even though overall job listings are down 23%. Manpower estimates that one in four jobs does not specify a location as opposed to one in ten in January of this year. Although working from home may have been a short-term solution, it is quickly becoming a standard part of the business landscape.
Many companies were ill-prepared for teleworking. Their infrastructure was not designed to support remote employees. Policies and procedures for remote workers were incomplete or nonexistent. IT departments or service providers scrambled to get employees online. In the rush to become operational, organizations failed to consider the implications of remote workers on a corporation's cybersecurity.
The number of cyber attempts reported to the FBI has quadrupled across all sectors since the start of the pandemic. Part of that increase can be attributed to the rise in the number of employees working from home. For example, user credentials for logging into the company's network while in the office may lack the robust security required for a remote workforce.
Multi-factor authentication (MFA) is a security system that requires multiple credentials to verify a user's identity. Instead of the standard credentials of username and password, MFA requires credentials from at least two of three categories:
If two categories of authentication are used, the process is called two-factor authentication (2FA). If three are used, the method is referred to as 3FA or three-factor authentication. Both 2FA and 3FA are subsets of MFA.
MFA can be implemented to resemble the single sign-on (SSO) authentication that many users enjoy. With SSO, users are authenticated and then given access to all applications associated with their account. It eliminates the need for multiple passwords, but it has a higher security risk. Configuring MFA to allow for a similar option not only provides convenience, but it also ensures better security.
When hackers steal usernames and passwords, they can gain unauthorized access to a company's network. With MFA, hackers need an additional factor such as a fingerprint or security code to log in to the system. For example, when users enter their usernames and passwords, a unique code is sent to each smartphone. That code must be entered into the system before access can be granted.
Even if bad actors have stolen usernames and passwords, they are unlikely to have access to the smartphone connected to the user account. Without access to the verification code, hackers cannot access the system. Given that 63% of data breaches can be traced to weak or reused passwords, adding the additional authentication factor of MFA is one way to strengthen security.
Since many remote workers may be using unsecured home or public networks, MFA can safeguard user credentials. It can minimize the opportunities for hackers to gain unauthorized access through phishing or social engineering tactics. MFA can also alleviate some of the burden on IT personnel as they work to secure a company's infrastructure and address the demands of a distributed workforce.
With MFA, user identities are checked every time they log in from a different device. That means an authorization check, such as a passcode, is sent to an email account or a smartphone associated with a user. The passcode must be entered before access is granted. With more people working from home and potentially using different devices, MFA can ensure that a bad actor is not gaining access.
So far, MFA has been able to block bot attacks. Bots can't intercept codes, and manual attempts to bypass MFA prompts have failed. Only highly sophisticated techniques or brute force attacks have the potential to compromise MFA-activated accounts. Because a bad actor needs a second factor to gain access, a stolen password or PIN can be rendered useless with MFA.
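The login flow described above (password first, then a one-time code sent to the user's phone, repeated whenever the user signs in from a different device) is shown here as an added example; it is not code from the original article or from any product it mentions. The class name, the 5-minute code lifetime and the 5-attempt limit are assumptions, and the attempt limit is what keeps a six-digit code from being guessed by brute force.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed per code (assumed value)

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class SecondFactor:
    """In-memory second-factor check (hypothetical class, for illustration)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}     # (user, device) -> [code digest, expiry, attempts left]
        self.trusted = set()  # (user, device) pairs that already passed the check

    def login(self, user, device, password_ok):
        """Return (status, code); code is set only when a challenge is issued."""
        if not password_ok:
            return ("denied", None)
        if (user, device) in self.trusted:
            return ("granted", None)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(user, device)] = [_digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return ("challenge", code)  # a real system sends this to the phone instead

    def verify(self, user, device, submitted):
        """Accept the code once, for the device that requested it, before expiry."""
        key = (user, device)
        entry = self.pending.get(key)
        if entry is None:
            return False
        code_digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[key]
            return False
        if not hmac.compare_digest(code_digest, _digest(submitted)):
            entry[2] -= 1  # count the wrong guess against this code
            return False
        del self.pending[key]  # single use
        self.trusted.add(key)
        return True
```

The stored value is a digest of the code rather than the code itself, and the comparison uses `hmac.compare_digest` so response timing does not reveal how much of a guess matched.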
Preventing cybercriminals from acquiring user credentials can significantly reduce the chance of a successful data breach. Did you know that:
Adding MFA can prevent over 95% of bulk phishing attempts and over 75% of targeted attacks, according to Google.
Once hackers have access to a system, they can install malware, steal sensitive information, or disrupt operations. Restoring service can be costly. An IBM study found that recovery costs were spread over three years, with the majority of the costs occurring in the first year. If the breach occurred in a regulated industry such as healthcare, utilities, or finance, costs in the second year could be as much as 25% of the total costs. On average, it takes an organization over 275 days to contain a data breach. That's nine months in which resources are not available for business growth.
Trying to recover from a cyberattack while navigating a business through a pandemic could be catastrophic. Before the pandemic, it was estimated that 60% of small or mid-sized businesses failed within six months of a data breach or cyberattack. Investing in MFA is one way to mitigate the risk of unauthorized access as more employees work from home. By reducing the opportunities that bad actors have to conduct a cyberattack, companies can lessen the financial impact of a data breach during a global health crisis.
Figuring out which bases to cover is not an easy process to navigate, especially in times like these, and that’s why Electric is here to support your organization. Electric can work closely with you to find the right MFA solutions to make remote work easier and more secure for your employees.