
Multifactor Authentication: The Single Most Important Thing You’re Probably Not Doing

July 18, 2019

Many businesses overlook multifactor authentication, but it can make or break your company's information security.

Consider this example:

1. You have an employee who clicks on a link in a phishing email.
2. The employee gets tricked into providing their username and password by a website that looks like a login to your email application.
3. An attacker accesses the user’s email account remotely and downloads all content.
4. You have a publicly available FAQ for employees to use to access your corporate network using a VPN.
5. The attacker sees this, uses the stolen password, and accesses your network remotely.
6. All content on your open file shares gets exfiltrated.
7. You left a text file in there containing an administrator password.
8. The attacker has fully compromised your domain and all of the machines in it.
9. The attacker uses Remote Desktop Protocol (RDP) to navigate throughout the environment and steal all of your intellectual property, sensitive PII, and more.
10. You don’t have a clue any of this is going on.

This scenario is a company’s worst nightmare. Yet, it happens every single day. Why? Through sophisticated malware and phishing campaigns, obtaining an employee’s password has become trivial. It is simply not sufficient to rely on a password by itself as a control to authenticate and authorize access into your environment. You can, you should, and you must incorporate multifactor authentication (MFA) wherever you can. As soon as you can. Before you become another victim and statistic like the company did in the scenario above.

Multifactor Authentication Today

Since the utility of passwords has greatly diminished over time, vendor support for multifactor authentication is now quite widespread. Accessing a user desktop, remote email, VPN, cloud services, and even social media can all be done with authentication that requires a second factor in addition to a password for access.

Fortunately, single sign-on (SSO) is also universally available using a variety of different federation methods. SSO is extremely dangerous for an organization that relies only on a password, since the same stolen password can be used to access everything the user is authorized to see. However, SSO is extremely beneficial for an organization that has implemented multifactor authentication. The reason is that users gain the benefit of only needing to remember one password, as well as the convenience of only needing to use the second factor a limited number of times. While a second factor of authentication adds a slight delay through the extra step when accessing a system, SSO minimizes the burden that multifactor authentication introduces.

Implementing Multifactor Authentication

Due to widespread support for multifactor authentication, the technical implementation isn’t terribly difficult. You do need to plan out an identity management strategy, however, and make sure you take inventory of everything you wish to be included in your transition efforts. You’ll also want to do some research on the best way to use SSO (if you do use this or decide you want it).

One decision you’ll need to make is what to use as the second factor for authentication. Many vendors support SMS text messaging, secure one-time codes which rotate, phone callback confirmations, push messages, and more. You’ll see in the security media that experts will poke holes in one or more methods, claiming that a different method is more secure. Yes, there is a difference in security level for these things (e.g., SMS is less secure than an encrypted one-time password). However, the most important benefit you gain is by adoption of the second factor. That is what gets you the most security. You want to choose a method or suite of methods which your user base will support and be comfortable using.

Key Takeaways for Businesses

Identity and access management is something which should be strategically planned in all organizations. Making sure you have secure authentication with multifactor authentication is one of the single most important controls you can implement. Stolen passwords, even to an internal administrator account, are rendered useless to a remote attacker with multifactor authentication. If you are not using multifactor authentication, your risk of some kind of email compromise or other unauthorized access is very high. If you’re lucky enough to not have already had this happen, it won’t be long before it does.

© CRI Advantage, Inc. 2020. All Rights Reserved.