Vulnerability to Cyberattacks
- 300,000,000+ fraudulent sign-in attempts to Microsoft Cloud Services per day =
- 99.9% of attacks that can be blocked by enabling multi-factor authentication (MFA), according to Microsoft
- Yet, only 38% of user accounts have MFA enabled, despite it being one of the most effective security measures
Multi-Factor Authentication(MFA) was typically thought of as a necessity for only larger businesses with a more sophisticated IT infrastructure. However, this is no longer true and even very small companies - those with 25 employees or less - are required to have MFA in place in order to be a candidate for cyber insurance.
How Multi-Factor Authentication Works - The Three Main Factors
Rather than just asking for a username and password, MFA requires one or more additional verification 'factors' to gain access to a resource such as an application, online account or a VPN. Requiring added factors means that even if a hacker is able to steal or crack a password, they need more information to gain access. In turn, this decreases the likelihood of a successful cyberattack.
OneLogin explains that these factors can be:
- Things you know, such as a password or PIN
- Things you have, such as a badge or smartphone
- Things you are, such as fingerprints, voice recognition or other biometric
One of the most common additional verification factors that users encounter are one-time passwords. These 4 – 8 digit codes might be received via email, SMS or some sort of mobile app. The new code is generated periodically or each time an authentication request is submitted, making it very difficult to hack.
Multi-Factor Authentication and Cyber Liability
The ability to purchase cyber insurance for companies of all sizes and industry classes has, until recently, been available, subject to varying pricing and coverage terms. Due to the dramatic increase in both the size and scope of cyberattacks affecting companies of all sizes and industries, the ability to procure cyber liability insurance has become more difficult. This is true for both the underwriting/application process as well as the ability to remediate and recover from an incident.
Every cyber liability insurance carrier is now asking supplemental questions around MFA such as whether it is enforced if employees can access email through a web app on a non-corporate device and whether they use it to protect privileged user accounts.
Multi-Factor Authentication is critical in today's business environment. Cyberattacks rose throughout the 2010s and are likely to continue for another dramatic increase in the 2020s. Implementing multi-factor authentication solutions can dramatically reduce your risk of suffering a catastrophic breach while also giving your employees the confidence they need to do their jobs.
We will work with you to create a flexible, streamlined cybersecurity program that integrates directly with your business. In addition to concrete, measurable security, a strong program provides the answers to underwriting questions, enabling your company to procure cyber liability insurance with favorable terms and conditions.
Find an NFP Professional today to start a conversation about how we can work together to move you forward.