Multifactor Authentication: The Single Most Important Thing You’re Probably Not Doing

For many businesses, multifactor authentication is often overlooked – but it can make or break the information security for your company.

Consider this example:

You have an employee that clicks on a link in a phishing email. The employee gets tricked into providing their user name and password by a website that looks like a login to your email application. An attacker accesses the user’s email account remotely and downloads all content. You have a publicly available FAQ for employees to use to access your corporate network using a VPN. The attacker sees this, uses the stolen password, and accesses your network remotely. All content on your open file shares gets exfiltrated. You left a text file in there containing an administrator password. The attacker has fully compromised your domain and all of the machines in it. The attacker uses Remote Desktop Protocol (RDP) to navigate throughout the environment and steal all of your intellectual property, sensitive PII, and more. You don’t have a clue any of this is going on.

This scenario is a company’s worst nightmare. Yet, it happens every single day. Why? Through sophisticated malware and phishing campaigns, obtaining an employee’s password has become trivial. It is simply not sufficient to rely on a password by itself as a control to authenticate and authorize access into your environment. You can, you should, and you must incorporate multifactor authentication (MFA) wherever you can. As soon as you can. Before you become another victim and statistic like the company did in the scenario above.