In what is being labelled the biggest data breach of all time, COMB or the Compilation of Many Breaches, was leaked to an online forum in February of this year (2021). Containing more than 3.2 billion unique pairs of cleartext emails and passwords, the data is a combination of smaller data breaches that have occurred over the past several years.
Considering there are around 4.7 billion users of the internet, 3.2 billion is a pretty substantial portion. If worried that employee emails may have been caught up in this or other data breaches, the website haveibeenpwned can be used to verify if that is indeed the case. Simply enter an email address to check.
Some of the companies whose users data was caught up in the COMB breach, including Netflix, Google, Hotmail and more, claim that they were not directly hacked, but that it is more likely their users passwords and emails were stolen or even guessed. This brings up the topic of passwords and how effective they actually are as a security measure.
With Cybercrime more prevalent than ever – a recent survey showing a 600% rise, with over 46% of global businesses having reported at least one cyber-attack since the shift to remote working – it is imperative that businesses protect their valuable information by implementing stronger security protocols around the use of passwords. In March of 2020, Microsoft engineers said that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution.
Multi-factor authentication (MFA) is an electronic authentication method that requires the user to provide two or more forms of identity verification in order to access a resource, online account, network or application.
MFA comprises of three main types of additional information:
Another part of MFA is Adaptive Authentication, which is a risk based authentication. This may only be required in what is deemed, suspicious circumstances such as attempting to login from a device that is not recognised or has not been verified or from an unfamiliar location.
Traditional passwords are simply not secure enough on their own. Introducing an MFA policy decreases the chance of a successful security breach and increases confidence within an organisation. Here are some of the main reasons to implement MFA:
With the level of phishing emails increasing and potential for malware being installed onto devices and networks, the danger of passwords being stolen is extremely high. In fact, 57% of Irish people admit to opening emails from people they don’t know. With MFA, even if a password is stolen, a hacker will be unable to gain access due to the additional steps required.
59% of organisations rely on human memory to manage passwords while 75% of Irish people surveyed use the same password across different sites and online services. Chances are if a hacker gains access to a password for one platform, they will in fact have the login credentials for multiple platforms. The use of MFA strengthens security even if the password is particularly weak.
2020 has seen many employees forced to work from home, in many cases using personal devices and public home networks for work purposes. These often do not have effective protections and security software installed, making them more likely to be hacked. MFA greatly reduces the chance of valuable information being accessed through the hacking of a personal device.
Anti-virus software and firewalls are effectively made redundant if employees’ passwords are stolen. If a hacker manages to gain access to a network through a stolen password, once inside, they can bypass and even disable firewalls so that they can wreak havoc on the company systems and steal more information. By enabling MFA, it reinforces additional security rather than weakening it.
The reason many use the same password is purely due to ease of use. It is much easier to remember one password than multiple. Most people will have gone through the “forgot your password” steps more than once which takes time and attention away from work and leads to distraction while going through the steps and creating a new password. MFA means that there are multiple methods to choose from to log in so the user can pick the most suitable, saving time in the long run.
Though not a legal requirement as such, more and more organisations are insisting on MFA as a compliance measure in order to conduct business. If a company holds sensitive data on customers for instance, it instils greater confidence that their data is safe when MFA is being used. The same can be said when working with suppliers or third party vendors. There are many doors through which information can be accessed and MFA can protect against such infiltration.
Microsoft 365 includes a MFA feature for its users. If purchased recently, this should automatically be defaulted to ‘On’. If not, there are a few simple steps to take to enable MFA.
Note: You must be a Global admin to manage MFA and if you have legacy per-user MFA turned on, this needs to be turned off.
Upon next login, users will be prompted to set up the Microsoft Authenticator app on their phones for a second form of authentication.
MFA solutions are inexpensive and easy to set up and add a strong layer of protection. It’s not so much a case of why an organisation needs to use it, but a question of why it is not already being used.
If you need assistance with your cyber security or with implementing multi factor authentication across your organisation, get in touch with our team at +353 (0)1 8183272 or email us at info@calnet.ie.
It’s no secret that the global events of the past few years have altered the world of business for good. Employees are no longer willing to be tethered to their office desks; the hybrid workforce requires more flexible and agile working solutions that allow them to...
How Azure Virtual Desktop Security is Facilitating Secure Remote Working Practices As businesses across the globe have adapted to a remote working model, the need for more robust security measures has naturally increased. Disparate co-workers are naturally more...
Understanding Your Virtualisation Options: Azure Virtual Desktop vs Remote Desktop vs Virtual Machines The digital workforce now views flexibility as a necessity. The ability to work from anywhere underpins our current business environment. While several IT solutions...
%