We now have daily headlines of organizations hit with a variety of cyber attacks, or digital extortion attacks, known as ransomware. This rapid rise in ransomware losses has many insurance carriers making drastic changes to the cyber insurance policies they write and the application process an organization needs to go through to secure the policy. One of those major changes is the condition of Multi-Factor Authentication (MFA). Here’s what you need to know!
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication is an electronic authentication method that requires the user to provide two or more forms of identity verification before they’re allowed access to a website, network, or application.
This method is a simple solution for deterring many possible outcomes of a cyber attack. In fact, Microsoft states that MFA can block over 99.9% of account compromise attacks. Given that password habits are generally not good among most employees, this extra security measure is becoming a necessity for organizations of all sizes.
The benefits of using Multi-Factor Authentication (MFA).
Multi-Factor Authentication is important, as it makes stealing your organization’s information harder for the average criminal. When implemented correctly, MFA can be used to safeguard often overlooked points of authentication, such as email and business applications.
The less enticing your data, the more likely that cyber criminals will choose another organization to target. Despite popular opinion, MFA is easy to use and there are many inexpensive plans to choose from.
What’s at risk if Multi-Factor Authentication is not deployed?
Without this extra layer of protection, an attacker can exploit an exposed email account or compromise a poorly-protected application to gain access to additional user information—or even worse, use the compromise as a “foothold” to escalate privileges and gain superuser access to the entire environment.
Business email compromise (BEC) is a growing threat to organizations. Business email compromise attacks are up 67% from 2019 to 2020, according to Coalition’s 2020 Cyber Claims Report.
Just some of the things a cyber criminal can do once they have access to an email account, for instance, includes fraudulent wire transfer requests, redirecting funds (like payroll funds) or company goods to their own financial accounts, exposing corporate data or personally identifiable information of customers and employees, or deploying ransomware.
How Multi-Factor Authentication impacts cyber insurance.
For the last several years, most business sectors could secure quality cyber insurance with minimal application questions, and the premium has been very reasonable. But that has changed abruptly. Due to the increasing prevalence of cyber attacks, cyber insurers are now requiring applicants to demonstrate that they have taken steps to prevent cyber attacks.
For example, most cyber insurance carriers are now making two-factor authentication, commonly called 2FA or Multi-Factor Authentication (MFA), a condition for purchasing and renewing cyber insurance.
Types of MFA software your business can consider.
Most MFA systems won’t eliminate usernames and passwords. Instead, they layer on another verification method to ensure that the proper people come in and the cyber criminals stay out. Here are a few options for you to research:
- Authy
- Ping Identity
- Duo Security
- Google Authenticator
- OneLogin
- RSA SecurID Access
- LastPass
- And more!
Multi-Factor Authentication solutions are relatively inexpensive and often extremely easy to deploy. They provide simple but effective protection for your business. So instead of asking yourself why you need to enable MFA, it’s time to ask yourself why you haven’t already done it.
Arbor Insurance Group provides cyber insurance and other personal and business insurance products throughout the Lehigh Valley, including Allentown, Bethlehem, Easton, Emmaus, Macungie and surrounding areas.
