Page 43 - Cyber Defense eMagazine January 2023

1. Educate, Train, Inform

MFA involves everyone, not just IT teams or cybersecurity analysts. Treating it as an organization-wide defensive strategy covers more of the attack surface and reduces accidental misuse of the technology.

Transitioning to an MFA landscape is a prime opportunity to provide additional cybersecurity training to workers and to reduce the frustration or complacency that follows when they find MFA measures disruptive to their workflow. It improves cybersecurity hygiene inside and outside the office, because the same training can show team members how to create stronger passwords and adopt safer emailing habits.


Employee buy-in is crucial for a seamless transition. The best way to ensure it is to clearly communicate the phases of the rollout: if workers don't understand what's happening, they are less likely to take it as seriously as they should. Clear communication also supports continued use, because individual workers could otherwise find ways to deactivate MFA on their accounts unless higher permissions prevent it.



            2. Achieve and Maintain Compliance

Assessors look to MFA implementation when judging whether an organization obtains and abides by some of the world's most respected compliance frameworks. Instilling the practice now can help organizations avoid fines and other negative consequences, such as the loss of reputation that follows a lapse in compliance.

Frameworks like HIPAA that focus on protecting personally identifying information require MFA. For the finance sector, Federal Financial Institutions Examination Council standards encourage MFA for online banking services. The practice is now such a gold standard that it also helps with insurance, since insurers check whether companies are using it when discussing liability.



            3. Vary Authentication Measures With Contextual Triggers


MFA is not limited to one method, such as receiving a code on a phone and entering it on a PC. Implementing multiple MFA measures can strengthen defenses. If the MFA environment is too much of a monoculture, attackers could identify that single pattern and take advantage of it.

Apart from receiving an SMS, these are the other ways a company can diversify MFA:

   •  Software and hardware tokens
   •  Phone call
   •  Email approval or code
   •  Biometrics like fingerprint or face ID
   •  Receiving codes through other authenticator apps
   •  Security questions
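The article's point about contextual triggers and avoiding a factor monoculture can be made concrete with a small policy engine. The following is an added illustration, not code from the magazine or any vendor product: it scores a login from a few constructed context signals, derives the minimum assurance the second factor must provide, and then picks the least disruptive enrolled factor that still meets that bar, skipping any channel the organization has flagged as unavailable or suspect. The signal names, the weights, the strength ranking of the factor types and the thresholds are all assumptions chosen for this example.

```python
"""Contextual (risk-based) selection of an MFA factor.

Added example; the weights, thresholds and factor ranking below are
assumptions for illustration, not a published standard.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Assumed assurance ranking of the factor types listed in the article,
# from weakest (1) to strongest (5). Higher is harder to phish or replay.
FACTOR_STRENGTH: Dict[str, int] = {
    "security_question": 1,
    "sms_code": 2,
    "email_code": 2,
    "phone_call": 2,
    "software_token": 3,
    "authenticator_app": 3,
    "biometric": 4,
    "hardware_token": 5,
}


@dataclass
class LoginContext:
    """Context signals for one login attempt (constructed for the example)."""
    user: str
    new_device: bool = False
    unusual_location: bool = False
    privileged_action: bool = False
    impossible_travel: bool = False
    enrolled_factors: List[str] = field(default_factory=list)
    # Channels currently flagged as unavailable or suspect (e.g. a reported
    # SIM swap would put "sms_code" here). Having several factors enrolled is
    # what lets the policy route around one broken channel.
    unavailable_factors: Set[str] = field(default_factory=set)


def risk_score(ctx: LoginContext) -> int:
    """Sum the assumed weights of the context signals that fired."""
    score = 0
    if ctx.new_device:
        score += 2
    if ctx.unusual_location:
        score += 2
    if ctx.privileged_action:
        score += 3
    if ctx.impossible_travel:
        score += 6
    return score


def required_strength(score: int) -> int:
    """Map a risk score to the minimum factor strength that satisfies it."""
    if score == 0:
        return 2      # routine login: any one-time code is enough
    if score <= 3:
        return 3      # mild anomaly: app or token, not SMS/email/voice
    if score <= 5:
        return 4      # strong anomaly: biometric or hardware token
    return 5          # severe anomaly: hardware token only


def choose_factor(ctx: LoginContext) -> Optional[str]:
    """Pick the least disruptive enrolled factor meeting the required strength.

    Returns None when no usable enrolled factor is strong enough; the
    caller should then deny the login rather than fall back to a weaker factor.
    """
    need = required_strength(risk_score(ctx))
    candidates = [
        f for f in ctx.enrolled_factors
        if f not in ctx.unavailable_factors and FACTOR_STRENGTH.get(f, 0) >= need
    ]
    if not candidates:
        return None
    # Among factors that meet the bar, prefer the lowest-friction one.
    return min(candidates, key=lambda f: FACTOR_STRENGTH[f])


def decide(ctx: LoginContext) -> Dict[str, object]:
    """Produce the access decision and the factor to challenge with."""
    factor = choose_factor(ctx)
    return {
        "user": ctx.user,
        "risk_score": risk_score(ctx),
        "factor": factor,
        "action": "challenge" if factor else "deny",
    }


if __name__ == "__main__":
    # Constructed sample: a privileged action from a new device.
    sample = LoginContext(
        "alice", new_device=True, privileged_action=True,
        enrolled_factors=["sms_code", "authenticator_app", "hardware_token"],
    )
    print(decide(sample))
```

Two design points are worth noting. The policy deliberately refuses to downgrade: when a high-risk login cannot be satisfied by any enrolled factor, `decide` returns `deny` instead of accepting a weaker one, which is the behaviour a step-up scheme needs to keep its guarantee. And the `unavailable_factors` set is where the article's anti-monoculture argument shows up in code: a user with only SMS enrolled has nowhere to go when that channel is flagged, whereas a user with an authenticator app as well is simply routed to it.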









Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.