Page 43 - Cyber Defense eMagazine January 2023
1. Educate, Train, Inform
MFA involves everyone, not just IT teams or cybersecurity analysts. Using it as a defensive strategy
covers more of the attack surface and minimizes accidental misuse of technology.
Transitioning to an MFA landscape is a prime opportunity to provide additional cybersecurity training to
workers and to decrease the chance of frustration or complacency if they find MFA measures disruptive to
their workflow. The training helps with cybersecurity hygiene inside and outside the office because it can
teach team members how to create more secure passwords and adopt safer emailing habits.
Employee buy-in is crucial for a seamless transition. The best way to ensure it is to clearly
communicate the phases of the rollout. If employees don’t understand what’s happening, they are more
likely not to take it as seriously as they should. Clear communication also solidifies continued use,
because individual workers could find ways to deactivate MFA on their accounts unless higher permissions
prevent it.
2. Achieve and Maintain Compliance
Assessors look for MFA implementation when organizations seek to obtain and abide by some of the world’s
most respected compliance frameworks. Instilling the practice now can help organizations avoid fines and
other negative consequences of lacking compliance, such as a loss in reputation.
Frameworks like HIPAA that focus on protecting personally identifying information require MFA. For the
finance sector, Federal Financial Institutions Examination Council standards encourage MFA for online
banking services. The practice is such a gold standard now that it also helps with insurance, since
insurers check whether companies are using it when discussing liability.
3. Vary Authentication Measures With Contextual Triggers
MFA is not limited to one method, such as receiving a code on a phone and entering it on a PC.
Implementing multiple MFA measures can increase defenses. If the MFA environment is too much of a
monoculture, threat actors could identify this pattern and take advantage of it.
Apart from receiving an SMS, these are the other ways a company can diversify MFA:
• Software and hardware tokens
• Phone call
• Email approval or code
• Biometrics like fingerprint or face ID
• Receiving codes through other authentication apps
• Security questions
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.