Implement multi-factor authentication

We’ve recommended multi-factor authentication (MFA) several times in previous tips, but it really is deserving of its own tip because of its sheer amount of benefits. Implementing MFA:

  • Increases security of internet-accessible resources.
  • Reduces the surface area of attack for cybercriminals trying to access your organization’s data.
  • Protects data against lost or stolen passwords and equipment.
  • Allows your organization to enable remote employees to access systems and resources from anywhere.

It’s increasingly required from a regulatory or compliance perspective (e.g., HIPAA, CMMC, FFIEC). Even cyber insurance providers are starting to require MFA to be in place for policy renewal and underwriting.

Next steps

  • Inventory all platforms: Inventory the platforms where employees have access to remote company data and resources. This can include email, VPN, remote desktop platforms and collaboration software like SharePoint and the Google suite.
  • Review vendor account logins: Review vendors to ensure they have MFA enabled.

Engage third-party expertise: These third parties can audit and implement MFA solutions around your organization, from online collaboration platforms to security systems to line-of-business software.