It’s well known that cyber crime is on the rise. According to the FBI’s annual Internet Crime report, there were a record number of cybercrime complaints in 2020. Compared to 2019, there was a 69% increase in cybercrime in 2020, costing Americans $4.1 billion. These crimes include:
Business email compromise
Ransomware attacks
Phishing scams
The best way to prevent these scams is by having strong cyber security practices in place to protect your data. One of those practices is implementing multi-factor authentication. Another reason why your organization should implement multifactor authentication? In many cases, it is now a requirement for cyber insurance underwriting.
What is multi-factor authentication?
Multi-factor authentication (MFA) is an electronic authentication method that requires the user to provide two or more forms of identity verification before they’re allowed access to a website, network, or application.
There are three main types of MFA.
Information you know such as passwords and PINs.
Physical object like a key or smart card.
Biometric verification such as a fingerprint, retina scan or voice recognition.
There’s also two-factor authentication (2FA) that uses two verifications to grant access. MFA or systems that use two or more verifications are more secure than 2FA and just as easy to implement. As cybercriminals become better at hacking our passwords, MFA forces them to verify their identity a second or third time.
How does it work?
At the most basic level, MFA is a second or third step after entering your password. You are prompted to provide multiple forms of verification which could include your fingerprint, scanning a key card or entering a code sent to your email or phone. For example, if a hacker steals your password but is then prompted to enter a code sent to your mobile phone number, they are unable to gain access. It’s unlikely they also have access to your text messages. MFA is a simple but effective tool to provide an extra level of security.
Now required for insurance
The cyber insurance industry has also been hit by the rise in costly cyberattacks in both frequency and severity of claims, especially ransomware. Ransomware demands are often six to seven figures. In addition to ransom payment, claim costs can include covering business income losses, restoring data, and legal, forensic, and public relation fees. As a result, insurance providers are now requiring multifactor authentication and consider it a basic requirement to obtain cyber insurance coverage. According to Microsoft, MFA can protect against 99.9% of all attacks related to compromised accounts.
Many cyber insurance policies will require that MFA protects:
Remote Network Access: With so many companies now having many employees working from home, using MFA to protect remote network access has become even more critical. Think of all your employees logging on to your network using VPN. Requiring an additional verification such as a texted or emailed code can prevent cybercriminals from gaining access to your network. Without MFA, a cybercriminal would only need a password to gain access.
Email access: The most common theme in cyberattacks is that the email systems did not have MFA enabled. Business Email Compromise (BEC) is one of the first entry points for cybercriminals. Enabling MFA for email access is one of your first lines of defense and the easiest way to prevent hackers from going further.
Administrative access: Protecting your organization’s administrative access is key to stopping cybercriminals from gaining access to other systems. If a cybercriminal gains administrative access, they can potentially initiate a ransomware attack, create fake accounts, and even alter IT systems to make other attacks easier to implement.
If you are renewing your cyber insurance policy soon or looking to purchase coverage, you will likely find that MFA is now required. Your insurance provider can usually provide you with resources for implementing MFA to help get you started. They can connect you with service providers to help guide you through what is needed. While MFA can add steps to your employee login process, the added security is well worth it.