Multi Factor Authentication – is BASELINE security.

2021-08-27

Multifactor Authentication (MFA) is a BASELINE security requirement for your Business. It is no longer considered an option if you value the security of your business.

To underpin the point, President Biden has recently signed an Executive Order making MFA a non-negotiable requirement for all US government agencies, with immediate effect

Outsource recommend businesses continue to maintain a robust security stance using group policies to ensure staff avoid the use of simple, non-complex passwords. The National Cyber Security Centre’s current recommendation for a strong password is to use three random memorable words, “ RedPantsTrees4! ”.Longer and complex alpha numeric passwords also remain acceptable.

However even complex passwords remain vulnerable to exploit. The IT security community believe the incorporation of the additional layer of MFA security is a must to help maintain the integrity and safety of your business networks. It simply provides an additional layer of security, a safety net, when for whatever reason a password has been compromised. It just requires a user to present two pieces of evidence as verification before they can gain access.

MFA is not new and you will already use it in your own personal life. From the moment you swipe your bank card at the ATM and need to verify by a PIN number to your online purchase where you are then required to enter a numeric code sent to your phone/e-mail address.

In order to verify users MFA offers a range of options falling into one of the following three primary categories:

– Something you know (like a password or PIN)
– Something you have (like a smart card/one-off code/clicking – – Approve on an authenticator)
– Something you are (like your fingerprint/face ID).

As technology evolves and security threats continue to increase expect to see the increasing use of more specific security measures such as Adaptive MFA. This will further increase your security stance by tailoring verification to user roles, security levels, approved permissions, location, log in behaviour etc. These variables when chosen will all feed into each individual users specific log in requirements. However for today the minimum requirement as confirmed by all reputable Security experts must be the deployment of MFA.

If the importance of MFA has not been stressed enough by your existing IT provider or your internal IT team you need to ask why and if required seek advice from another reputable Security adviser.

For the effective protection of your Network and your Users it is time to ask yourself “why do we not already have MFA in our business ?”

Get in touch to discuss how the Outsource Group can support your Cyber Security and IT needs, for today and tomorrow.