Implement multi-factor authentication
We’ve recommended multi-factor authentication (MFA) several times in previous tips, but it really is deserving of its own tip because of its sheer amount of benefits. Implementing MFA:
- Increases security of internet-accessible resources.
- Reduces the surface area of attack for cybercriminals trying to access your organization’s data.
- Protects data against lost or stolen passwords and equipment.
- Allows your organization to enable remote employees to access systems and resources from anywhere.
It’s increasingly required from a regulatory or compliance perspective (e.g., HIPAA, CMMC, FFIEC). Even cyber insurance providers are starting to require MFA to be in place for policy renewal and underwriting.
- Inventory all platforms: Inventory the platforms where employees have access to remote company data and resources. This can include email, VPN, remote desktop platforms and collaboration software like SharePoint and the Google suite.
- Review vendor account logins: Review vendors to ensure they have MFA enabled.
Engage third-party expertise: These third parties can audit and implement MFA solutions around your organization, from online collaboration platforms to security systems to line-of-business software.