Multi-factor authentication (MFA) is still as relevant now as it was years ago when it first became a recommended best practice. Why? Because it protects data against lost or stolen passwords and equipment. It reduces the attack surface available to cybercriminals trying to access your organization’s data. And it improves security so that remote employees can access systems and resources from anywhere.
MFA is also increasingly required by regulations (e.g., HIPAA, CMMC, FFIEC) and cyber insurance providers, who are making it a condition of policy renewal and underwriting.
Next steps
- Inventory all platforms: Identify all platforms where employees have access to remote company data and resources. This can include email, VPN, remote desktop platforms, cloud solutions and collaboration software.
- Implement MFA solutions: For any of your identified remote access and internal admin accounts, you’ll need to implement MFA solutions. Note that some organizations require more than one solution, as deploying MFA on internal admin accounts can be technically more challenging and requires specialized solutions.
- Review vendor account logins: Your vendors should also have MFA enabled, further increasing the level of security throughout your organization.
- Engage third-party expertise: A third party can audit and implement MFA solutions around your organization, from online collaboration platforms to security systems to line-of-business software.