With ransomware and malware attacks getting more frequent and sophisticated year after year, more businesses are waking up to the reality that it isn’t a matter of if their company is going to be hit, but when. By 2025, global cybercrime is estimated to cost over $10.5 trillion annually, and your organization could be among those footing the bill if you’re not careful. If you’ve thought of using a cyber insurance policy to protect yourself from the expense of recovering from a data breach or ransomware attack, it’s a good idea, but it’s no replacement for proper cybersecurity practices. In fact, to secure coverage at all, you’ll need to furnish evidence of your policies, procedures, and security controls. One minimum must-have that insurance companies will be looking for is multi-factor authentication (MFA).
MFA isn’t just a hoop to jump through to keep your insurer happy. It’s a foundational security practice that will help reduce the chance you’ll suffer a hack in the first place. Here’s what you need to know about MFA and why it’s a critical security practice for your business.
What is Multi-Factor Authentication?
Authentication is simply proving to the system or online account you’re signing into that you are who you say you are. Unfortunately, the most familiar method for doing this—entering a username and password—isn’t secure enough on its own. Data breaches, keyloggers, and phishing can be (and routinely are) used to steal these kinds of credentials and gain access to sensitive information.
Multi-factor authentication adds further verification to this process to confirm your identity and reduce the chances that a malicious actor with stolen information can log into your account. With this enhanced security measure, your password alone isn’t enough to verify your identity. At least one additional element needs to be provided, such as a one-time passcode delivered by text, phone, and/or email; biometric data like a fingerprint; or an authentication app or token.
If you’ve ever gotten a numeric code by text when you’ve logged into your bank’s website that you have to enter to proceed, you’ve already experienced MFA in action. With a similar process in place in your business, you dramatically reduce the chances that someone other than your trusted employees can log into your network and access sensitive information.
Why MFA is Required for Cyber Insurance
Insurance companies insist on MFA for a cyber liability insurance policy for one simple reason: it works. A security study by Google in 2019 showed that a two-step authentication process using an SMS code sent to a recovery phone number helped block 76% of targeted attacks, 96% of bulk phishing attacks, and 100% of automated bots. [i] Having a second step to confirm that the login comes from a trusted user stops potential hackers in their tracks when they don’t have the device, biometrics, or authentication app necessary to complete login.
The basic but effective layer of security provided by MFA greatly reduces the risk of your business suffering a successful cyberattack. As the financial damages from cybercrime grow, insurance companies are asking harder questions about the steps organizations are taking to keep their systems and confidential information secure. Having MFA shows your insurer that you’re doing your part to reduce your cybersecurity risk, making you a safer investment for them.
It’s important to note that the effectiveness of SMS as a multi-factor authentication step is being eroded by hackers who use man-in-the-middle attacks and social engineering schemes to impersonate victims’ mobile devices. By tricking phone service providers into sending them new SIM cards, they’re able to set up burner phones to receive the codes that should be keeping your account safe. Your business needs more robust solutions so that your security stays a step ahead of criminal ingenuity.
Your MFA (and Cybersecurity) Solution
Multi-factor authentication doesn’t have to be slow or inconvenient to be effective. Petronella Technology Group (PTG) offers a wide range of authentication solutions that can be configured to meet the specific needs of your organization. We leverage patented MFA solutions and work directly with the patent holders to architect the most secure solutions possible, oftentimes adding hardware proximity tokens to further enhance security. We can get you up and running quickly with the right MFA process for you, designed to fit into an overall cybersecurity strategy that protects your business and keeps you up to date with applicable compliance requirements.
The cold hard truth is that your cyber insurance policy should be a last resort. Even when claims are paid, companies often don’t recover from the damage done by ransomware. It’s easy to remove malware—it’s extremely difficult to recover lost data and lost employee time in cleaning up the mess. Just as bad is the fact that if you can’t prove to your insurer that you’ve done everything you can to prevent a breach with multiple security control layers (MFA alone is not enough!), security risk assessments, vulnerability scans, and penetration tests, you’re handing them an excuse to deny your claim.
If you’re not 100% sure that your existing security practices are up to the challenge today’s cybercriminals are throwing at them, then the situation is clear—they’re not! Don’t wait until the financial and reputational damage has been done. PTG can get you the protection you need to secure your data, keep hackers out, and sleep easier at night. To schedule a free consultation now, contact us here.
[i] https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html